General
Target: 99dd3cc7c892b5f9ab08f1f32d24ceb1_JaffaCakes118
Size: 364KB
Sample: 240606-dtpqvsgd26
MD5: 99dd3cc7c892b5f9ab08f1f32d24ceb1
SHA1: 617dbe7a9ca971ab12bc47617b620439c2c4bb8a
SHA256: 0191694f67cd2a399086c7681c270ac3bd72f67180f42e278c36e33612ea789c
SHA512: ec66eb1d8082328ce6661aa7f837ca3da9362f0882c5499641c5f72d772161645afe4b5bf7a3b344ccd1f30777dad3b85d81b54d9b487e624102a7cf0abd1ab3
SSDEEP: 3072:5SBlIbRbYAR5PyVbjs2pymtaZt3zkKMAD/EfXg0mqS3Fdc7NK1JFNeRFFtJssA:5SBwRbYA/n2pj8Z7FjAw0258Hnss
Static task: static1
Behavioral task: behavioral1
  Sample: 99dd3cc7c892b5f9ab08f1f32d24ceb1_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 99dd3cc7c892b5f9ab08f1f32d24ceb1_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: guloader
https://drive.google.com/uc?export=download&id=1UnM5e0QivRQySIMs6YSxkUO014pasY9Y
Targets
Target: 99dd3cc7c892b5f9ab08f1f32d24ceb1_JaffaCakes118
Score: 10/10
- Guloader payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext