General
Target: 59fcf7b5ccb0d1ffa8bad8bff4254fcc_JaffaCakes118
Size: 100KB
Sample: 240519-pfnr7agg28
MD5: 59fcf7b5ccb0d1ffa8bad8bff4254fcc
SHA1: 460211f872351b7550c73a2a1f6362422f43b794
SHA256: b17609b7cf880aa1baf7df58685c8dc2e5609e5eccc0699e13163a6b712e155b
SHA512: 403dbad3d5d66cd565b9bbdd96766748a628fa75c1649730789cb084a261ddb25018355940a07931daaf22ccd9093dad21f73a66166190b39e92d9592bcb6d3c
SSDEEP: 768:W8t0MTQprGjsaWrTGUV3+0/P8Hm2wB/D6u3mYhOrFQ0AN+MXNw:j01VqszTGUV3+0mcx3NQ+03MC
Static task: static1
Behavioral task: behavioral1
  Sample: 59fcf7b5ccb0d1ffa8bad8bff4254fcc_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 59fcf7b5ccb0d1ffa8bad8bff4254fcc_JaffaCakes118.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted family: guloader
Extracted URLs:
- https://drive.google.com/uc?export=download&id=1CcmHMNCuxj_nXaHB3j9KegXULq56dRSd
- http://marckasgfdvc.ug/disabler_encrypted_F9BD38F.bin
Targets
Target: 59fcf7b5ccb0d1ffa8bad8bff4254fcc_JaffaCakes118
Score: 10/10
Signatures:
- Guloader payload
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext