General
Target: 5d1d04f6981be3d22f4db4c14831ad6e_JaffaCakes118
Size: 66KB
Sample: 240520-erjmhabf8x
MD5: 5d1d04f6981be3d22f4db4c14831ad6e
SHA1: 8e9d5a00781b438395a9f491c202df7327709aef
SHA256: b4f06ccc40afc1ae89f9c30b744780b8278f74518ef3e77c97aa0ddba65532dd
SHA512: 7356b9adc812b42b2b5dda9f79ab2aa600017dfa74ddbe79394122d368f18c0dcf781009c251e627417af9b18a5b3f65002f1bfb69b2316f6c3a65ddb1b081b1
SSDEEP: 1536:sZH5c6NkLZh4qrsp7alamqgpVIsvHNLk1eQ5RJ9JAopO0F+U:srWZh4qrm7alaepVIsRk1eGRZMq+U
Static task: static1
Behavioral task: behavioral1
  Sample: Stateent6_from_emerat_group.pdf.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: Stateent6_from_emerat_group.pdf.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted: guloader
  https://onedrive.live.com/download?cid=886791A338196A5D&resid=886791A338196A5D%211899&authkey=AOIrPjbXhW_WZVo
Targets
Target: Stateent6_from_emerat_group.pdf.exe
Size: 263KB
MD5: 5da57fce93a85e91d68c9d9fe5fa71c8
SHA1: e2dcbfd47f2e6f33bb5a594c789b67a7f0585f3a
SHA256: 4f9cda81a57f8eb019f94a2983c56f5f8a50813d332dd3207f33f97fdc55346e
SHA512: f7042e72bc5856b285ffbefc7139665762d313af155b4419ee3b8d7840cca089ad14ad94f5ddc97d0860a7c6f8c5af5e8493b49533c77bc372281b97008020a0
SSDEEP: 6144:ip0TLAkzL7r9r/EDppppppppppppppppppppppppppppp0G7:iuTNP7r9r/+pppppppppppppppppppph
Score: 10/10
- Guloader payload
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext