General
Target: 98d428cedd3097e0cd2e8a53bf17677d_JaffaCakes118
Size: 38KB
Sample: 240605-wewvqsed36
MD5: 98d428cedd3097e0cd2e8a53bf17677d
SHA1: ab23be0a6bd1973ba0d95cacbd6f968d1fbf0294
SHA256: eb2cfc0e07bbf66c35c501c62b4ec93691af634f60ecc0b6a726fa69d871612d
SHA512: 3ff643dd29728750c74cee96556ea4332d6e3899a25a88aff17b80cf5719ef9f5aef33c8fd7ec963b4b53dfd99b7a7b8f5f5db8454173926d446990d760fde33
SSDEEP: 768:J9KPWy39Xt9PQzSXk3ozEfyFWxBw5Jof4TxMex/XeGTk0J9b:JMhVtbXkYzjFC0N7x/Xxjb
Static task: static1
Behavioral task: behavioral1
  Sample: New Order.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: New Order.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: guloader
  https://drive.google.com/uc?export=download&id=1kLqnvI4CWcDssiC8xLLUw7jhsK9D-FbJ
Targets
Target: New Order.bat
Size: 156KB
MD5: 07330263ba72040afc2165cd85bcf719
SHA1: a699b4e8cfea065b4cb77e32da80c4f545642479
SHA256: 425a1bf78cf197625f6008f34534134640a834ccafa4e7a5dc845bbbb20d71cc
SHA512: 5e9e581606db32947d14b6e8b35eccb3abd25548c48a638dd3c9ca0880451691a7f17363f1aaaee850c68c4f3312783d10419a4e36a891e13367f63658abcda5
SSDEEP: 1536:8WA+Bc5SaLsJIEaQ+YDhaDe8vJzgBSqaE9yve2osVqgUXaZqo1dtk+0JoN6CK0uw:lA+m5SWsJIQ++Me8vuQ1K2Oz6
Score: 10/10
Signatures:
- Guloader payload
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext