General
Target: 53776b0e3e1bd4b8ae34fe8b1be11352_JaffaCakes118
Size: 33KB
Sample: 240518-hphtzagf4t
MD5: 53776b0e3e1bd4b8ae34fe8b1be11352
SHA1: f87971d6d13d26081f8f5c5f0402fe608dfbdfee
SHA256: dc249bae299755c425b8b4fdc1220b81dec4ab0521c863e75e7a75deb6d0a57b
SHA512: 128919477adf7a5d231250902068b984a9eccf6e3f35877a69bbf214f007e89a9b9847f597e715334c20a4081729f3482f7c1b7489e5c83f64e9fe8ad262186d
SSDEEP: 768:kg50ooyDAjnsMRi0gNCi9z+517VqHIPYSyuOI:R50oohzs/YPYSyuJ

Static task: static1

Behavioral task: behavioral1
Sample: Invoice.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: Invoice.exe
Resource: win10v2004-20240508-en

Malware Config
Extracted: guloader
http://185.224.128.43/ariiikkkk_encrypted_7EFF1B0.bin

Targets
Target: Invoice.exe
Size: 68KB
MD5: 1579644ce72ad802ba00e84e8eeda25d
SHA1: ede8b5d633c46f6464f40c693f90bcb9cc5e563e
SHA256: 943c00e81e428945cac86a29c06aa8d5569d38090ff1e94d273986861b845114
SHA512: 984492d560675301e992b5eebeb4275c4f1abcc6d98c035357189382ceb627a55f267bb63efebddbe633e0a4a7386ee815b02309d90197a1c16ae9e08ca02a10
SSDEEP: 1536:FuT6IKi/mNbzwlThmt7m/1vMl0Wqp50n3:TI9/mNbUlThI7m/CbqpSn3
Score: 10/10
- Guloader payload
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext