General
Target: 6a32a678f30ddbebaa1cf116cb93d6c6_JaffaCakes118
Size: 64KB
Sample: 240523-jcga2shf2v
MD5: 6a32a678f30ddbebaa1cf116cb93d6c6
SHA1: 8723cfc37612d6ace5995bc9fdf7bafde340c88a
SHA256: 69c84a0743fa9db1d4d0750592e6fb1e618ed941e0fbe2f2679cbab7acbbaca7
SHA512: 0f30844d871b0942c4b7b2bc49a0f7e5374390ab5dfafca96cbd3d490245bebd7961e6f656bf995777bd0992ccad78b75860a7f08455d710d87b374c874f1f14
SSDEEP: 768:ENSmGFa2mjEFnR/TTeUp5yn25f9a70701XU95RZom2DqtK:ENfGIjEhR/T95yn0fE70I1XoD2Dt
Behavioral task: behavioral1
Sample: 6a32a678f30ddbebaa1cf116cb93d6c6_JaffaCakes118.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 6a32a678f30ddbebaa1cf116cb93d6c6_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: guloader
URL: http://185.224.128.43/ariiikkkk_encrypted_7EFF1B0.bin
Targets
Target: 6a32a678f30ddbebaa1cf116cb93d6c6_JaffaCakes118
Score: 10/10
- Guloader payload
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext