General
-
Target
JaffaCakes118_7d920532b4b748249e809c93368dc5c317479dfa2855df5dc8f559c6936205f9
-
Size
344KB
-
Sample
241226-zbxveaypdm
-
MD5
26c1961c629a942788089f89b1cac50c
-
SHA1
935559fe62e2178e4efc45a31ab1d11488d8412c
-
SHA256
7d920532b4b748249e809c93368dc5c317479dfa2855df5dc8f559c6936205f9
-
SHA512
5ca13c271e755ff13a6926a20773af65c4aa755a92f4a4e3891558675acd0738b2fcdf1873bd1545a21ebcae771275ec35ff36c866b0cd9be8970a7f11a415ce
-
SSDEEP
1536:N64IoY2vqki1BN/cjGRhMR+ebjz9IjRmvog6nCaysWYp2IazMRAt6DziIwNFczqt:KoRyk1SXCXz99vog6jysuMRkmiIY+y
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_7d920532b4b748249e809c93368dc5c317479dfa2855df5dc8f559c6936205f9.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_7d920532b4b748249e809c93368dc5c317479dfa2855df5dc8f559c6936205f9.vbs
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_7d920532b4b748249e809c93368dc5c317479dfa2855df5dc8f559c6936205f9
-
Size
344KB
-
MD5
26c1961c629a942788089f89b1cac50c
-
SHA1
935559fe62e2178e4efc45a31ab1d11488d8412c
-
SHA256
7d920532b4b748249e809c93368dc5c317479dfa2855df5dc8f559c6936205f9
-
SHA512
5ca13c271e755ff13a6926a20773af65c4aa755a92f4a4e3891558675acd0738b2fcdf1873bd1545a21ebcae771275ec35ff36c866b0cd9be8970a7f11a415ce
-
SSDEEP
1536:N64IoY2vqki1BN/cjGRhMR+ebjz9IjRmvog6nCaysWYp2IazMRAt6DziIwNFczqt:KoRyk1SXCXz99vog6jysuMRkmiIY+y
-
Guloader family
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
1Obfuscated Files or Information
1Command Obfuscation
1