General

  • Target

    JaffaCakes118_bf283c846da3d2c647c28ee96fec9a2b5e0d94963b32c6a4dd98a2e0a5e5a587

  • Size

    250KB

  • Sample

    241225-b8mtpstngq

  • MD5

    04185fd6dc1d32126aa74718ca9c0170

  • SHA1

    675012bd91712dc596de55040e56c68abed5d169

  • SHA256

    bf283c846da3d2c647c28ee96fec9a2b5e0d94963b32c6a4dd98a2e0a5e5a587

  • SHA512

    d3c3a7b4ba616676ee1f80dbebdb273931a20d01d0cb5e1fbbe68a8f01eb68c5860d076bb9601726d44b37e37cae8d774fe6e5a11337a917179bb6601705ee1d

  • SSDEEP

    6144:J+ODPvsG2xxrP66+6q5VLoUwBNcC+4b20NkSM9Bstr4YK+:J+OPkPj66vq56BNcpv6

Malware Config

Targets

    • Target

      Pepsico LLC RFQ Information.com

    • Size

      276KB

    • MD5

      ba5a03ecafa3d792f201c8800399536d

    • SHA1

      7b69b6baa75d9ba132fb47e86b3b368f5025a964

    • SHA256

      c8b9df067d8ce54ce2c376ad20bd6130dc1f3d4feac573da798e68a202b2ef6f

    • SHA512

      af943f90c61be949e17b60fe5cfbe784d0fd59f3344569601992856423945c305dbbcd2350b6076ba353b842216debd035d4e15bf23f7538d7b3c08ce3cd20e8

    • SSDEEP

      6144:9PXxJ53FyQdODHl2L+rLJqrmHl8UOSYwa8ldC:R53FyQ0++rLsKHiUzdC

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent, most likely as a virtualization/sandbox check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system. On its own this is weak evidence, since legitimate inventory and installer tools read the same keys; it matters here in combination with the anti-analysis behaviour below.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger information class detaches the calling thread from any attached debugger, a common anti-debugging step.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state; it is commonly abused to redirect a (suspended) thread into injected code, as in process hollowing or thread hijacking.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

    • SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

    • SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

    • SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

    • SSDEEP

      192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4

    Score
    3/10
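The five behaviours flagged above (QEMU agent file check, Uninstall key enumeration, ThreadHideFromDebugger, SetThreadContext, loading a DLL the process itself dropped) are each weak signals that only become meaningful together. The following is an added example, not code from the sandbox or from this report, showing how a detection engineer might replay such rules over process telemetry and correlate them per process. The event field layout, the rule weights, the scoring scale, the qemu-ga.exe path and the sample events are all constructed assumptions for illustration; they are not taken from this analysis.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not from the report): (pid, event_type, target).
# PID 4120 mimics the behaviour summary above; PID 5500 mimics a benign
# inventory tool that only reads the Uninstall keys.
SAMPLE_EVENTS = [
    # assumed default install path of the QEMU guest agent on Windows
    (4120, "file_query", r"C:\Program Files\Qemu-ga\qemu-ga.exe"),
    (4120, "reg_enum", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (4120, "reg_enum", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    (4120, "api_call", "NtSetInformationThread(ThreadHideFromDebugger)"),
    (4120, "api_call", "SetThreadContext"),
    # the process writes a DLL and then maps it: "loads dropped DLL"
    (4120, "file_create", r"C:\Users\user\AppData\Local\Temp\nsx1234.tmp\System.dll"),
    (4120, "image_load", r"C:\Users\user\AppData\Local\Temp\nsx1234.tmp\System.dll"),
    (5500, "reg_enum", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
]

# Single-event rules: (rule name, event type, pattern on target, weight).
# Weights are an illustrative choice, not the sandbox's scoring.
RULES = [
    ("checks_qemu_agent_file", "file_query",
     re.compile(r"qemu-ga\.exe$", re.IGNORECASE), 2),
    ("enumerates_uninstall_keys", "reg_enum",
     re.compile(r"\\CurrentVersion\\Uninstall$", re.IGNORECASE), 1),
    ("hide_from_debugger", "api_call",
     re.compile(r"^NtSetInformationThread\(ThreadHideFromDebugger\)$"), 2),
    ("set_thread_context", "api_call",
     re.compile(r"^SetThreadContext$"), 2),
]

WEIGHTS = {name: weight for name, _, _, weight in RULES}
WEIGHTS["loads_dropped_dll"] = 3  # correlated rule, see evaluate()


def evaluate(events):
    """Return {pid: set(rule names)} for every process in the event stream.

    Single-event rules match one record. "loads_dropped_dll" is stateful: it
    fires only when a process maps an image at a path it created earlier in
    the same stream, which is the correlation the report's signature implies.
    """
    hits = defaultdict(set)
    created = defaultdict(set)  # pid -> lower-cased paths the process wrote
    for pid, etype, target in events:
        for name, rule_type, pattern, _ in RULES:
            if etype == rule_type and pattern.search(target):
                hits[pid].add(name)
        if etype == "file_create":
            created[pid].add(target.lower())
        elif etype == "image_load" and target.lower() in created[pid]:
            hits[pid].add("loads_dropped_dll")
    return hits


def score(rule_hits):
    """Sum rule weights for one process, capped at 10 (illustrative scale)."""
    return min(10, sum(WEIGHTS[name] for name in rule_hits))


if __name__ == "__main__":
    for pid, names in sorted(evaluate(SAMPLE_EVENTS).items()):
        print(pid, score(names), sorted(names))
```

Run as a script it prints one line per process; the benign inventory process scores 1 from the Uninstall lookup alone, while the process combining the VM check, the two anti-debug/injection APIs and the self-dropped DLL reaches the cap. The point of weighting rather than alerting on any single match is exactly the caveat in the signature list: registry enumeration is noise by itself, and becomes evidence only alongside the anti-analysis behaviour.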

MITRE ATT&CK Enterprise v15

Tasks