General

  • Target

    JaffaCakes118_7d920532b4b748249e809c93368dc5c317479dfa2855df5dc8f559c6936205f9

  • Size

    344KB

  • Sample

    241226-zbxveaypdm

  • MD5

    26c1961c629a942788089f89b1cac50c

  • SHA1

    935559fe62e2178e4efc45a31ab1d11488d8412c

  • SHA256

    7d920532b4b748249e809c93368dc5c317479dfa2855df5dc8f559c6936205f9

  • SHA512

    5ca13c271e755ff13a6926a20773af65c4aa755a92f4a4e3891558675acd0738b2fcdf1873bd1545a21ebcae771275ec35ff36c866b0cd9be8970a7f11a415ce

  • SSDEEP

    1536:N64IoY2vqki1BN/cjGRhMR+ebjz9IjRmvog6nCaysWYp2IazMRAt6DziIwNFczqt:KoRyk1SXCXz99vog6jysuMRkmiIY+y

Malware Config

Targets

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Adds Run key to start application

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks