Overview

overview

10

Static

static

3

e2f85c3eb2...16.exe

windows7-x64

10

e2f85c3eb2...16.exe

windows10-2004-x64

10

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

GameVisualPlugin.dll

windows7-x64

1

GameVisualPlugin.dll

windows10-2004-x64

1

Mythogenes...in.dll

windows7-x64

1

Mythogenes...in.dll

windows10-2004-x64

1

Mythogenes...NE.exe

windows7-x64

3

Mythogenes...NE.exe

windows10-2004-x64

3

Mythogenes...em.dll

windows7-x64

1

Mythogenes...em.dll

windows10-2004-x64

1

Sellerier/...es.dll

windows7-x64

1

Sellerier/...es.dll

windows10-2004-x64

1

Sellerier/...le.dll

windows7-x64

1

Sellerier/...le.dll

windows10-2004-x64

1

StartNE.exe

windows7-x64

3

StartNE.exe

windows10-2004-x64

3

System.IO....em.dll

windows7-x64

1

System.IO....em.dll

windows10-2004-x64

1

System.Tex...es.dll

windows7-x64

1

System.Tex...es.dll

windows10-2004-x64

1

System.ValueTuple.dll

windows7-x64

1

System.ValueTuple.dll

windows10-2004-x64

1

dbdump.dll

windows7-x64

1

dbdump.dll

windows10-2004-x64

1

gmodule-2.0.dll

windows7-x64

1

gmodule-2.0.dll

windows10-2004-x64

1

icon-cli.html

windows7-x64

3

icon-cli.html

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_8f53c4425f6546c0570e1893297ebc337d01017cc188803e303c53d106ebc501

  • Size

    24.6MB

  • Sample

    241227-a2jb9swrcq

  • MD5

    3e2f78eec8345e7f02e222c6e9269c91

  • SHA1

    a18ee3d2a5bb9e779258c22e06d8ff16f0adc37e

  • SHA256

    8f53c4425f6546c0570e1893297ebc337d01017cc188803e303c53d106ebc501

  • SHA512

    356c7d03c957bbeaa245439750bc1624b3c1d10b4212ae3d8d9b78685405a4ed4293cff352592dc422e00914a0d925b4d491a7fcb96dd7ccd14daedf8812d715

  • SSDEEP

    393216:E6Obvej1Z4DrJjMo6xvSCylTYo+mPnbRGi7nbvryfWh/T0P7HxdbyVfm:TQvepZCrxT6x97QbRGKLrcWRC7RxyVfm

Score
10/10
guloaderdiscoverydownloaderpersistence

Malware Config

Targets

    • Target

      e2f85c3eb27695e55e3377d8695f66791dc80a6cbb7b9b059b365c58b5b49d16

    • Size

      24.6MB

    • MD5

      13d3828002bbe548ed0b85321e15c72c

    • SHA1

      1a57c0a1a828410079e01792ab8d5d5ee27a4640

    • SHA256

      e2f85c3eb27695e55e3377d8695f66791dc80a6cbb7b9b059b365c58b5b49d16

    • SHA512

      d1502648a5865b434f380b13cf8fd65c9ef2bc36c8a5d00fd98d568d6a1529c29c1553808147570796de23d176906a09f16523166c4c2f05e3af00c198d290b9

    • SSDEEP

      786432:G2ycRL+5PgCSQ9uzzZG0H/L3hKFs8gIxo+cWF:G2y2LUoKQzms8doNm

    Score
    10/10
    guloaderdiscoverydownloaderpersistence

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/Math.dll

    • Size

      67KB

    • MD5

      85428cf1f140e5023f4c9d179b704702

    • SHA1

      1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

    • SHA256

      8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

    • SHA512

      dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

    • SSDEEP

      1536:GUZ9QC7V7IGMp2ZmtSX5p9IeJXlSM2tS:T97WSth5lwt

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      GameVisualPlugin.dll

    • Size

      362KB

    • MD5

      b46ad074c19e02264abf3f27a91aefce

    • SHA1

      7f212c891c63c512a7fa5ee266f9e6dc6ad39a82

    • SHA256

      db89da4fe3889241c62533927acb7fc8c353686dbb9a84f9050477fe6e36e8dc

    • SHA512

      05c9fcef2ffaf0169447360f8a6e96ea34d390116186c9ea9ee9ec615bef5a1ac2c25e90c7b4b3991b03925e2e21203967e1b38a29a178acab64f1d52ca2dcf2

    • SSDEEP

      6144:Ril62qdUkN4e9nQKZ+c+n19lwEWicnf4nhE/4gdZf0dd/X5czPXhalK4aYq9Uf:062qdUkN4eIc+19lw9f4q/4gMdrcklKW

    Score
    1/10
    behavioral7behavioral8

    • Target

      Mythogeneses/Highlandish/Tagalogs/Hulslib114/GameVisualPlugin.dll

    • Size

      362KB

    • MD5

      b46ad074c19e02264abf3f27a91aefce

    • SHA1

      7f212c891c63c512a7fa5ee266f9e6dc6ad39a82

    • SHA256

      db89da4fe3889241c62533927acb7fc8c353686dbb9a84f9050477fe6e36e8dc

    • SHA512

      05c9fcef2ffaf0169447360f8a6e96ea34d390116186c9ea9ee9ec615bef5a1ac2c25e90c7b4b3991b03925e2e21203967e1b38a29a178acab64f1d52ca2dcf2

    • SSDEEP

      6144:Ril62qdUkN4e9nQKZ+c+n19lwEWicnf4nhE/4gdZf0dd/X5czPXhalK4aYq9Uf:062qdUkN4eIc+19lw9f4q/4gMdrcklKW

    Score
    1/10
    behavioral10behavioral9

    • Target

      Mythogeneses/Highlandish/Tagalogs/Hulslib114/StartNE.exe

    • Size

      559KB

    • MD5

      d292c6575ad1f5b50e0afe7d66f6957b

    • SHA1

      7464c29b4686c5819f5b94ece3b7d0110f2b7e88

    • SHA256

      a76724e4f0bddd4c5ad2e91d617d8f55566681780404c9d77c4fa7a892cf7e45

    • SHA512

      3572de45df3474da4e9b5864c9ebfab96392108ef12db14195677cc88bf34d73b76c2fe76916e9c7a4e45e1271b55401e4ca94e54a4540cea11696cd688dfd0e

    • SSDEEP

      6144:Bx6dW+AtlLjxCwsjQTyOQXgeKJiVxHyKwgBmqwQQoSn6r:GdfATttcg9WxHyPgBmqwQQYr

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      Mythogeneses/Highlandish/Tagalogs/Hulslib114/System.IO.Compression.FileSystem.dll

    • Size

      23KB

    • MD5

      00f567c4f703502d26e62b16023099b4

    • SHA1

      f3db676945d47579778862e2ccd69d2141c9aa56

    • SHA256

      6f1f542f0545476c5d52b9e2ee8891343eb846a8409c3684a329a631d049b283

    • SHA512

      237b9786fc38be6c263f71a4838c62ec99ff3efdbad923a714d368b50a5e8166c22c302d7ed4d3d13690ef4ff0656d4b7ee336372a3919396e33687e7b3c4e3e

    • SSDEEP

      384:P+dI4qsPZrvWMoWrzv9A0GftpBj3PhJ+ILKHRN7eclSllL9:mdYMZJJiRhJmAllp

    Score
    1/10
    behavioral13behavioral14

    • Target

      Sellerier/System.Text.Encoding.CodePages.dll

    • Size

      849KB

    • MD5

      ced22cb5131040ed68ba36b9cc8f3983

    • SHA1

      fe788dd6ec13a4efb72f0feeb0763c59ff1658e9

    • SHA256

      9fa4c3e42dc29c6358333dac95470275560dff131be064d46356a918a0c933e4

    • SHA512

      c0d53896985111bd69b716334b39e5536744cb7ccd8c7488d33144de61dcb4c8cb7a932aef39ceb56372b861c2fadd823e68a9c453e58621e47d551181951822

    • SSDEEP

      12288:3o47xn7kZQ6kliVreJIHHr0tRYbKr2KtG9VKABC6rPtPrDLpa1HZIhOW:3oK9km6k/IwRYbiBeKGC0D2I4

    Score
    1/10
    behavioral15behavioral16

    • Target

      Sellerier/System.ValueTuple.dll

    • Size

      15KB

    • MD5

      852ce23048161a42484c276c6bd8804f

    • SHA1

      dfbb4337c0b8dedc65330786aa9fe30e3039c3e4

    • SHA256

      b1df7b8f18ca5fed0a75b3fea989af7b5cd00c9275bb2d5d2c6575d35a422acd

    • SHA512

      3b8b69f45c5abccfb3ab412a7677701dee69ca61bb008e582eec73dc8434e36d0acefbbfa05dfd6a57cc0bb5f15156c059cc95875466c9b65684efe0060e6da7

    • SSDEEP

      384:mjCGc/2IWfGWql7/uPHRN7vRzWF//dJR9zt1:mjwiylTMvRzWF//dj9zf

    Score
    1/10
    behavioral17behavioral18

    • Target

      StartNE.exe

    • Size

      559KB

    • MD5

      d292c6575ad1f5b50e0afe7d66f6957b

    • SHA1

      7464c29b4686c5819f5b94ece3b7d0110f2b7e88

    • SHA256

      a76724e4f0bddd4c5ad2e91d617d8f55566681780404c9d77c4fa7a892cf7e45

    • SHA512

      3572de45df3474da4e9b5864c9ebfab96392108ef12db14195677cc88bf34d73b76c2fe76916e9c7a4e45e1271b55401e4ca94e54a4540cea11696cd688dfd0e

    • SSDEEP

      6144:Bx6dW+AtlLjxCwsjQTyOQXgeKJiVxHyKwgBmqwQQoSn6r:GdfATttcg9WxHyPgBmqwQQYr

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      System.IO.Compression.FileSystem.dll

    • Size

      23KB

    • MD5

      00f567c4f703502d26e62b16023099b4

    • SHA1

      f3db676945d47579778862e2ccd69d2141c9aa56

    • SHA256

      6f1f542f0545476c5d52b9e2ee8891343eb846a8409c3684a329a631d049b283

    • SHA512

      237b9786fc38be6c263f71a4838c62ec99ff3efdbad923a714d368b50a5e8166c22c302d7ed4d3d13690ef4ff0656d4b7ee336372a3919396e33687e7b3c4e3e

    • SSDEEP

      384:P+dI4qsPZrvWMoWrzv9A0GftpBj3PhJ+ILKHRN7eclSllL9:mdYMZJJiRhJmAllp

    Score
    1/10
    behavioral21behavioral22

    • Target

      System.Text.Encoding.CodePages.dll

    • Size

      849KB

    • MD5

      ced22cb5131040ed68ba36b9cc8f3983

    • SHA1

      fe788dd6ec13a4efb72f0feeb0763c59ff1658e9

    • SHA256

      9fa4c3e42dc29c6358333dac95470275560dff131be064d46356a918a0c933e4

    • SHA512

      c0d53896985111bd69b716334b39e5536744cb7ccd8c7488d33144de61dcb4c8cb7a932aef39ceb56372b861c2fadd823e68a9c453e58621e47d551181951822

    • SSDEEP

      12288:3o47xn7kZQ6kliVreJIHHr0tRYbKr2KtG9VKABC6rPtPrDLpa1HZIhOW:3oK9km6k/IwRYbiBeKGC0D2I4

    Score
    1/10
    behavioral23behavioral24

    • Target

      System.ValueTuple.dll

    • Size

      15KB

    • MD5

      852ce23048161a42484c276c6bd8804f

    • SHA1

      dfbb4337c0b8dedc65330786aa9fe30e3039c3e4

    • SHA256

      b1df7b8f18ca5fed0a75b3fea989af7b5cd00c9275bb2d5d2c6575d35a422acd

    • SHA512

      3b8b69f45c5abccfb3ab412a7677701dee69ca61bb008e582eec73dc8434e36d0acefbbfa05dfd6a57cc0bb5f15156c059cc95875466c9b65684efe0060e6da7

    • SSDEEP

      384:mjCGc/2IWfGWql7/uPHRN7vRzWF//dJR9zt1:mjwiylTMvRzWF//dj9zf

    Score
    1/10
    behavioral25behavioral26

    • Target

      dbdump.dll

    • Size

      112KB

    • MD5

      3d9813a04df8b1cba4814b68b5fd79d3

    • SHA1

      8a9c270e937941c4028c6248bd89652fd0b559b9

    • SHA256

      af8ad3207a0c321578f5a29b1bdbe2e3a17790d56903a4d272cc8997047775c3

    • SHA512

      ee65de88a00c31cd69648d682fb59185cb910a89276e26376a13269fc88815d57f653cc1118e9b2a825d0e46006ffdb7a4614f0b9a2bf7e484d451fae5cb555c

    • SSDEEP

      768:Y9NIZpcklqZqUJCz90uz310gk1KLh4CHdHBfVnBF9gtZ5ZTKLG7sQdTgp37CtR0N:YLIJqfJCz9neghLhjpB9n/2tEs1xzyFT

    Score
    1/10
    behavioral27behavioral28

    • Target

      gmodule-2.0.dll

    • Size

      34KB

    • MD5

      f5b524b084bf251eaf29fe2bbd3df720

    • SHA1

      21290fd13fd93d49b6be72ccacdf60bb0354ad62

    • SHA256

      da547b8760137807a0639d943db63b2b4b72d5afd2b7b131a18fcb8730d9a46a

    • SHA512

      0db7f7ab8c5b257f7dca3a4b8d22b072267547a088863d6d75b7dca40dc81def470409568a1953876673aa7d6156dc71e3c9c5026b86780af2e6d74751f5125c

    • SSDEEP

      384:GXmCf1IXxPE2Q+FoFR01pDhj3aKuqHue0hOy/pNhv1MQDt6OiOUcxfhH6:uQOR+6sDhb7uA0hpNh9MQDtLiaRhH6

    Score
    1/10
    behavioral29behavioral30

    • Target

      icon-cli.icns

    • Size

      1KB

    • MD5

      5343c1a8b203c162a3bf3870d9f50fd4

    • SHA1

      04b5b886c20d88b57eea6d8ff882624a4ac1e51d

    • SHA256

      dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

    • SHA512

      e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949

    Score
    3/10
    discovery
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

guloaderdiscoverydownloaderpersistence
Score
10/10

behavioral2

guloaderdiscoverydownloaderpersistence
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10