General
  Target:  JaffaCakes118_25c15c9681089beffc8e40612a9b1c257cb170c08946b2ff88f15a36de7848c2
  Size:    289KB
  Sample:  241224-s6jgya1mdk
  MD5:     d4112dac20a6b5ca5a66ff55449a013e
  SHA1:    33b12b928b00cd19bb7cbb40a7c00cbf2f7cff21
  SHA256:  25c15c9681089beffc8e40612a9b1c257cb170c08946b2ff88f15a36de7848c2
  SHA512:  2fa5b5ab8840fc0aec45b30c47b360b4a1897ac169b1df4f2b21e3ba744a21b7dee9865da88821fdf32012d475157891c320b73d3818fc6e6551d8a1a726d938
  SSDEEP:  6144:TBhlmHQzMrbyHxcsA6JvQ5gu28UlKhWEu0xxPqVI1kY57I0ioQYuYy7:XwPALJC6lKMIqVaVribYu/7
Static task
  static1

Behavioral tasks
  behavioral1  Sample: 5dd0b3b36f6e543617bd5d1c7f45ec56406ab95d585cbcfea73a7a0877f8c890.exe  Resource: win7-20241023-en
  behavioral2  Sample: 5dd0b3b36f6e543617bd5d1c7f45ec56406ab95d585cbcfea73a7a0877f8c890.exe  Resource: win10v2004-20241007-en
  behavioral3  Sample: $PLUGINSDIR/System.dll  Resource: win7-20240903-en
  behavioral4  Sample: $PLUGINSDIR/System.dll  Resource: win10v2004-20241007-en
  behavioral5  Sample: IISCrypto.exe  Resource: win7-20240903-en
  behavioral6  Sample: IISCrypto.exe  Resource: win10v2004-20241007-en
  behavioral7  Sample: Microsoft.WindowsAPICodePack.dll  Resource: win7-20241010-en
  behavioral8  Sample: Microsoft.WindowsAPICodePack.dll  Resource: win10v2004-20241007-en
Malware Config
Targets

Target 1
  Target:  5dd0b3b36f6e543617bd5d1c7f45ec56406ab95d585cbcfea73a7a0877f8c890
  Size:    307KB
  MD5:     63532a519bd02c6aae21d1af04c8d91f
  SHA1:    9f4593a6241658698f6aa84fe2f590ccecc21f28
  SHA256:  5dd0b3b36f6e543617bd5d1c7f45ec56406ab95d585cbcfea73a7a0877f8c890
  SHA512:  7d0dfc91e9d7f3747bbf137b1f0155a0068bbb39db4e8129f780a5e49cb9c23d3aad92c961609513c410f12207fbef41ec8dc0bf26fe2f4c9af6a93e5cf33e1b
  SSDEEP:  6144:E1ssjH3zJkAD54sRVruVPYQcBHy5aFKJz5thM7O8LY1gPfxVJMyF:5sjD19FCmLlKFvhM7bf/
  Score:   10/10
  Signatures:
  - Guloader family
  - Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext

Target 2
  Target:  $PLUGINSDIR/System.dll
  Size:    12KB
  MD5:     792b6f86e296d3904285b2bf67ccd7e0
  SHA1:    966b16f84697552747e0ddd19a4ba8ab5083af31
  SHA256:  c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917
  SHA512:  97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c
  SSDEEP:  192:rFiQJ771Jt17C8F1A5xjGNNvgFOiLb7lrT/L93:X71Jt48F2eNvgFF/L
  Score:   3/10

Target 3
  Target:  IISCrypto.exe
  Size:    341KB
  MD5:     4fcde9159e5a68e0177590eaeee3d5c5
  SHA1:    23794916aafc1c4af327dccb58a51a29825a929a
  SHA256:  79b17ab2679d64212710a456a5c1713ff265949b40518f67e61a68d29c521e76
  SHA512:  c704ca413f9874fa0b289e5cd1c50af0bb35c0768a087761c45c396dfa288d99d95902a02f12be8b177acf5eea59aeb7858fc65f4a8a3f02883052b39839bc20
  SSDEEP:  6144:zZ23NbztYTCs7HGCut28q2AsXeg17e/fZ8h4ZxANdmt+jRd5h2rKsREF:zZ23NbzIHTNK4GfRd5h2Gn
  Score:   1/10

Target 4
  Target:  Microsoft.WindowsAPICodePack.dll
  Size:    103KB
  MD5:     56e013e924822c9d02329b15b03ede73
  SHA1:    085dacfcd1ffa398b795d096833d16367b0d2886
  SHA256:  7b88388b8367f0d873d0e3b66f533869c24e346fb6f0b2c6c783f931cc9a1631
  SHA512:  ea0020ee32e0c7e7323f5858a462bf762f65013509012147430f0d8f665eb86f534d2491ca9f737c15bf6f995a8d3e0172537129a0dc8628cf7bf0d0f48457d1
  SSDEEP:  3072:YfBa6TWUNuRhicznzcSZRazyDG43vjyMcnFliz:dUNuZjAI+mvuM
  Score:   1/10