General
-
Target
JaffaCakes118_724566e1fb2e9db8570519d4c90afce40f17f080d51468669856d37830074ba3
-
Size
727KB
-
Sample
241225-d5hrpawphv
-
MD5
99a444a2e45d6007e37fb0c2c25e49c4
-
SHA1
7ab6b11b684243ae587b6eb037cabe98984792ff
-
SHA256
724566e1fb2e9db8570519d4c90afce40f17f080d51468669856d37830074ba3
-
SHA512
7398994f927e22cd1bf868436c4645f368cf3439fe00dd836c10d8860ae22c73aa16f4ddd9c6f37053c326d65734d9e6ad1afe73955cc727c7c982b31f6ae69e
-
SSDEEP
6144:7umfsxtdM+jbYG0XxnHVMYhRANfAD58OAFZ3/g5VCyh9IiwEw6IAl:uoQYhiNft+wErIe
Malware Config
Targets
-
-
Target
JaffaCakes118_724566e1fb2e9db8570519d4c90afce40f17f080d51468669856d37830074ba3
-
Size
727KB
-
MD5
99a444a2e45d6007e37fb0c2c25e49c4
-
SHA1
7ab6b11b684243ae587b6eb037cabe98984792ff
-
SHA256
724566e1fb2e9db8570519d4c90afce40f17f080d51468669856d37830074ba3
-
SHA512
7398994f927e22cd1bf868436c4645f368cf3439fe00dd836c10d8860ae22c73aa16f4ddd9c6f37053c326d65734d9e6ad1afe73955cc727c7c982b31f6ae69e
-
SSDEEP
6144:7umfsxtdM+jbYG0XxnHVMYhRANfAD58OAFZ3/g5VCyh9IiwEw6IAl:uoQYhiNft+wErIe
Score10/10-
Guloader family
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
1Obfuscated Files or Information
1Command Obfuscation
1