General

Target: 4456b93fa84ead0e6c5020d665120262_JaffaCakes118
Size: 80KB
Sample: 240515-dvjk8sfa84
MD5: 4456b93fa84ead0e6c5020d665120262
SHA1: 3c30e119261d2ed1b57887bee9e2bb895f120500
SHA256: b7eb38f8a922a1344be7186fbf3169e0d130b91498dfae583b9b6d942b40cdd9
SHA512: 3c2b66cfefd00a5a8cd55b13275bec599213bc9695c3d2b69c2ed9198fb205dd9d899243d1398bb0c58a49fbc0ef5d3461a4589db69d38d5dec233272b8807e3
SSDEEP: 1536:Q5aO0FX8PbNNkd73OKOeAXmfp/tbM5jx:Q0X8znkd73O1X29Mv
Static task: static1
Behavioral task: behavioral1 (sample 4456b93fa84ead0e6c5020d665120262_JaffaCakes118.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample 4456b93fa84ead0e6c5020d665120262_JaffaCakes118.exe, resource win10v2004-20240426-en)
Malware Config

Extracted: guloader
Payload URL: https://mwrc.ca/a/sh_encrypted_F09C70F.bin

The extracted configuration is the URL from which this GuLoader stage fetches its encrypted next-stage payload, which the loader decrypts and runs in memory. Treat the full URL and its host as indicators of compromise for proxy and DNS logs, and do not retrieve the file from a production network; fetch it only from isolated analysis infrastructure, if at all.
Targets

Target: 4456b93fa84ead0e6c5020d665120262_JaffaCakes118 (80KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Signatures:
- Guloader payload
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext

The first signature comes from the extracted configuration; the other two are behavioural. NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11) detaches the calling thread from any attached debugger, a well-known anti-analysis trick. SetThreadContext on a thread in another process is how injected code is handed control in process hollowing and similar injection techniques, typically after CreateProcess with CREATE_SUSPENDED and WriteProcessMemory. Both are consistent with GuLoader's documented anti-analysis and in-memory injection behaviour; a SetThreadContext call on the process's own thread, by contrast, is not by itself suspicious.
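As an added example (not part of this sandbox report or of the Triage platform), the indicators and the two behavioural signatures above turned into a small offline triage script: it hashes a file against the report's digests, searches proxy log lines for the payload URL or its host, and applies the two behavioural signatures to API-call events. Only the hashes and the payload URL come from the report; the log lines and API events are constructed, and the event format is a simplified assumption, not the sandbox's real trace schema.

```python
"""Offline triage helpers built from the GuLoader report above.

Added example, not code from the report or from any sandbox vendor.
The API-trace event format used here is an assumption of this example.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators taken verbatim from the report.
SAMPLE_HASHES = {
    "md5": "4456b93fa84ead0e6c5020d665120262",
    "sha1": "3c30e119261d2ed1b57887bee9e2bb895f120500",
    "sha256": "b7eb38f8a922a1344be7186fbf3169e0d130b91498dfae583b9b6d942b40cdd9",
}
# Stage-2 URL from the extracted config. Never fetch it from a production host.
PAYLOAD_URL = "https://mwrc.ca/a/sh_encrypted_F09C70F.bin"
PAYLOAD_HOST = urlparse(PAYLOAD_URL).hostname

# THREADINFOCLASS value that hides a thread from an attached debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11


def hash_bytes(data: bytes) -> dict:
    """Hash file contents the three ways the report lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_known_sample(data: bytes) -> bool:
    """True if any digest of the bytes matches a hash from the report."""
    digests = hash_bytes(data)
    return any(digests[algo] == value for algo, value in SAMPLE_HASHES.items())


def find_payload_fetches(log_lines):
    """Return log lines that request the payload URL or anything on its host.

    Matching on the host as well as the exact URL catches rotated file names:
    the encrypted blob's name is cheap to change, the hosting site less so.
    """
    hits = []
    for line in log_lines:
        for url in re.findall(r"https?://\S+", line):
            if url == PAYLOAD_URL or urlparse(url).hostname == PAYLOAD_HOST:
                hits.append(line)
                break
    return hits


def flag_behaviour(events):
    """Apply the report's two behavioural signatures to API-call events.

    Assumed event shape: {"pid": int, "api": str, "args": dict}.
    - NtSetInformationThread with ThreadInformationClass 0x11 hides the
      calling thread from the debugger (anti-analysis).
    - SetThreadContext targeting a different process that has already
      received WriteProcessMemory is the hollowing/injection hand-off;
      SetThreadContext on the caller's own process is not flagged.
    """
    findings = []
    written_to = set()  # pids that received WriteProcessMemory so far
    for ev in events:
        api, args, pid = ev["api"], ev["args"], ev["pid"]
        if api == "NtSetInformationThread" and \
                args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            findings.append(("hide_from_debugger", pid))
        elif api == "WriteProcessMemory":
            written_to.add(args.get("target_pid"))
        elif api == "SetThreadContext":
            target = args.get("target_pid")
            if target != pid and target in written_to:
                findings.append(("remote_set_thread_context", target))
    return findings


# Constructed proxy log lines (not from the report).
SAMPLE_PROXY_LOG = [
    "2024-05-15T12:00:01Z 10.0.0.7 GET https://www.example.com/index.html 200",
    "2024-05-15T12:00:09Z 10.0.0.7 GET https://mwrc.ca/a/sh_encrypted_F09C70F.bin 200",
    "2024-05-15T12:03:41Z 10.0.0.9 GET https://mwrc.ca/a/other.bin 404",
    "2024-05-15T12:04:00Z 10.0.0.9 GET http://update.example.org/check 200",
]

# Constructed API trace in the assumed event format (not the sandbox's schema).
SAMPLE_API_TRACE = [
    {"pid": 1234, "api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x11}},
    {"pid": 1234, "api": "CreateProcessW", "args": {"flags": "CREATE_SUSPENDED", "child_pid": 5678}},
    {"pid": 1234, "api": "WriteProcessMemory", "args": {"target_pid": 5678}},
    {"pid": 1234, "api": "SetThreadContext", "args": {"target_pid": 5678}},
    {"pid": 1234, "api": "SetThreadContext", "args": {"target_pid": 1234}},
    {"pid": 1234, "api": "ResumeThread", "args": {"target_pid": 5678}},
]

if __name__ == "__main__":
    print("payload fetches:", find_payload_fetches(SAMPLE_PROXY_LOG))
    print("behaviour:", flag_behaviour(SAMPLE_API_TRACE))
    print("known sample:", is_known_sample(b"not the sample"))
```

Hash matching is only useful for the exact file that was submitted; a repacked GuLoader stage will have different digests, which is why the host-level URL match and the behavioural rules carry more weight than the hashes when hunting beyond this one sample.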