General
Target: 118f52b809205173695432ce0cb8f549_JaffaCakes118
Size: 180KB
Sample: 240626-lq894a1fmk
MD5: 118f52b809205173695432ce0cb8f549
SHA1: 9e8630d903a44945f7e0b107005b20026fcc0ac5
SHA256: 119aed96b731f84dc4bc6cf38f8f2110373c266e5ef18f49eacf7ce1e106ce2c
SHA512: e401f8a4a1e132867ef7073ac707f19696add75e8f91a78d868cd5d5c91e00ba688671af41a8c02f7a6a9728363ee40d9b4d8efa0f23d9982298e12c25ac1b27
SSDEEP: 1536:6n4Og5YjenvitHCEwgDGvQ5ubNSFTNq/:6BgGBHCPIRTNq/
Static task: static1
Behavioral task: behavioral1
  Sample: 118f52b809205173695432ce0cb8f549_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 118f52b809205173695432ce0cb8f549_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: guloader
  http://62.113.202.111/Remmy_jMBaBPxmX117.bin
Targets
Target: 118f52b809205173695432ce0cb8f549_JaffaCakes118
Score: 10/10
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext