General

  • Target: JaffaCakes118_14286f5d33d5d0db8c2cf853588105de
  • Size: 136KB
  • Sample: 250106-hffcgs1pdn
  • MD5: 14286f5d33d5d0db8c2cf853588105de
  • SHA1: 0054237732dfb296e5b5429886a057e4374c1515
  • SHA256: 0bf8feda9e131c4b5bc7b17218880c3a492f702fa9fd6dc9d10f5a62a72aa08a
  • SHA512: f8169fc9ed525a268dca75f6e1e836fae00dabe3876aaf4766d21cf8d883fa91f0e4a6c8c9fcee3daec6ac6db0100614e7bbf0720b9015cd98015043dafe627d
  • SSDEEP: 1536:jSMJImKSOog+MxVnWzC5sWgzb7W/MEA6Jm2taMMco3v:ll1OogjVnQCia/lAYVi

Malware Config

Targets

    • Guloader family
    • Guloader, Cloudeye
      A shellcode-based downloader first seen in 2020.
    • Checks QEMU agent file
      Checks for the presence of the QEMU guest agent file, possibly to detect virtualization.
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks