General
- Target: a8a89b0af7cc2390fab6ffaca9a67e95_JaffaCakes118
- Size: 35KB
- Sample: 240614-jzl5ta1gld
- MD5: a8a89b0af7cc2390fab6ffaca9a67e95
- SHA1: e58d176ed4842afd41dcd89461d6e1172e397285
- SHA256: b083d42c1a784b528f71bb7ba48b3898f364262a2377cdea6c292991cca0b12e
- SHA512: b34b8061ed5b6066c5141f04f943674e409ebb864d1c1f40ad5d87537c65f3667565adc423fabaab69c0bf770a5b6fd696e3c7443f7667745f7a9e4e3a4171e4
- SSDEEP: 768:h7+n/oeRsjrOUCfUnEglY4iAAXv3GU+uaWTXuD3252QWJJdzHfE:5+nwe+1oUnvlYPXX+0uD325nWHdzHfE
Static task: static1

Behavioral task: behavioral1
- Sample: ORDER TEMAQTN03420.pdf.exe
- Resource: win7-20240611-en

Behavioral task: behavioral2
- Sample: ORDER TEMAQTN03420.pdf.exe
- Resource: win10v2004-20240508-en
Malware Config

Targets
- Target: ORDER TEMAQTN03420.pdf.bat
- Size: 92KB
- MD5: 112face4604bd6d53890c720014aa6ad
- SHA1: c02b7af506322cfcd47b2baae832453fbf327850
- SHA256: 2736a22d053fb69491862c85b4365fdc772d33ad83dcef7f426e6bcd725b9301
- SHA512: d5aaf2765f4fd1667a4aaef1e6f57c084c06964fb88ee30903864fc3102da8cd574954cb8d9b2739daaa8d07fa79ee8433acf35cf5b4eca1f2936035f5b9417f
- SSDEEP: 1536:VOxgxgIyddH/uMKkpxBQ6N5PxbMKkpxBQngxgIyddH/:w8fyddfu8pxBQ6Txb8pxBQn8fyddf

Score: 10/10
- Guloader payload
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext