General
- Target: 9b12deefce1d5506012665df7f3ef103_JaffaCakes118
- Size: 106KB
- Sample: 240610-sbkrhszfnb
- MD5: 9b12deefce1d5506012665df7f3ef103
- SHA1: ec03f66334aff5d93e256baa9be3a79ce247b429
- SHA256: 03780b831d73440886c6ed5d71c3c1c4eea293569d9c454372f959cc8aeb49fd
- SHA512: d43ae328960ee0f03a858cab28e2daf93437c1969bbd0fa4e2f1dcce5726b121b88c4b6189d1d6ed88aab77dc15210c66799128039110bcd37a90e4bc467b114
- SSDEEP: 768:jRbjxPZL4MvMrkbHwTN0GVQ+d4SeqzXf34BfW/PHA8zGesvEaApXwBDGRpn+tKg7:FjLjkr4Haboqz40/DzGeUEaHq0Hcd2
Static task
- static1

Behavioral task
- behavioral1
  Sample: 9b12deefce1d5506012665df7f3ef103_JaffaCakes118.exe
  Resource: win7-20240221-en

Behavioral task
- behavioral2
  Sample: 9b12deefce1d5506012665df7f3ef103_JaffaCakes118.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted
- guloader
  https://onedrive.live.com/download?cid=72EF66C14DF86B76&resid=72EF66C14DF86B76%21164&authkey=AH0Y9pQ2RueJP6M
Targets
- Target: 9b12deefce1d5506012665df7f3ef103_JaffaCakes118
- Score: 10/10
- Guloader payload
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext