General
Target: a71995d869fcdf6ae0b58abe5d627436_JaffaCakes118
Size: 89KB
Sample: 240613-3e4nxayfnp
MD5: a71995d869fcdf6ae0b58abe5d627436
SHA1: 4f9b703886c2aa099251a4342d74765d76c0604d
SHA256: 23aa67983111007b432bd4d2b55d78800fba7fe895f923e2b923153e50c10d28
SHA512: 7326c3aa96b54f694f3977c3ea96c03a8c0cf73e7f5fd31a7477247ab1a34d26755820e0aac6fa9d87ac185cf7b1f6c8eeb78cbbf3167c65dca2b00078c09441
SSDEEP: 1536:slzuN0rVtjA3BaGnWYum6XTSBFD7qSoWEP5XHSPJ3B52mIkNK1bm:s7wFZF35DEP5XHSPJ2mIIK1bm
Static task: static1
Behavioral task: behavioral1
Sample: Order#073.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: Order#073.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: guloader
- https://drive.google.com/uc?export=download&id=1cXTi1WNzcett61Pgnqcr5rFctey0JuUG
- https://www.sendspace.com/pro/dl/jels8m
Targets
Target: Order#073.exe
Size: 212KB
MD5: d6912e3cfb5a944107ab95ffbd9c60b0
SHA1: 3c2a33f7f9c2eb50ce4cb4d31edbec5a99d14a90
SHA256: 978097862e5a0a1051cf9edb9f6bb2c6399b48ed50bcfb93fc8930fae993f4b3
SHA512: 346d7563f20c406ab973ef78ac88c7943e3c6ba88e22dbe99e92d5de4e229e06cbeaa6020c6295f95e9a339dcc066895144d5e3227cfc4589a06d280e923e9a1
SSDEEP: 1536:aUR1Ted1IXc+nL76qk5GWGweW/+/XXFTy2gPZMp0wxHSPJ3BXlUgtWa3NMA/:fRled1QL76qlWQVlgBM1HSPH1Ya99/
Score: 10/10
Signatures:
- Guloader payload
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext