General
- Target: SBG-1100319PurchaseOrder.exe
- Size: 200KB
- Sample: 210415-wv37m4hz3a
- MD5: 2dd62d78b9f7e9c5529502e085b55756
- SHA1: 151d4cd68958df35ae706cc232627a05e923307f
- SHA256: c63a3f86be406a11e8f7760403e407a97441753205f8cef432fd634856ca2992
- SHA512: 9b7d8ee135dca77460b5e2d566c2b42f68d5b97918f6d9c2f4bdf6f89d6c46b8001482123880d46137a59ef04bec89498f728d018d4cc8fc57f56fbdfb705349
Static task
- static1
Behavioral task
- behavioral1: SBG-1100319PurchaseOrder.exe, resource win7v20210410
Behavioral task
- behavioral2: SBG-1100319PurchaseOrder.exe, resource win10v20210408
Malware Config
Extracted: remcos
- C2: sheilabeltagy4m.hopto.org:2048
- C2: micheal3m.hopto.org:2048
Targets
- Target: SBG-1100319PurchaseOrder.exe (200KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Score: 10/10
- Guloader Payload
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization and alter behaviour inside a sandbox.
- Adds Run key to start application: persistence through a Windows Run registry value, so the application is started again at logon.
- Suspicious use of NtSetInformationThreadHideFromDebugger: the ThreadHideFromDebugger information class stops debug events from the thread reaching an attached debugger, a common anti-debugging technique.
- Suspicious use of SetThreadContext: rewriting another thread's register context is characteristic of process hollowing and similar in-memory injection of a payload.
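The two C2 hosts in the extracted remcos config and the "Adds Run key" signature translate directly into checks an analyst can run against their own telemetry. The Python below is an added example and is not part of the sandbox report or of any tool it references: only the two C2 entries come from the report, while the DNS log lines, the Sysmon-style registry events (Event ID 13, RegistryEvent value set), the Suricata rule text and the SID numbers are constructed here for illustration. The rules assume the `dns.query` sticky buffer of Suricata 5 or later.

```python
"""Hunting checks derived from the sandbox report (added example).

Only REMCOS_C2 comes from the report. The log lines, registry events,
SID numbers and rule text are constructed here for illustration.
"""
import re

# Extracted remcos config from the report: host:port pairs.
REMCOS_C2 = [
    "sheilabeltagy4m.hopto.org:2048",
    "micheal3m.hopto.org:2048",
]

# Constructed Sysmon records: Event ID 13 (RegistryEvent, value set) and
# Event ID 12 (key create/delete). Paths and SIDs are made up.
SAMPLE_REG_EVENTS = [
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\lab\AppData\Roaming\Updater\SBG-1100319PurchaseOrder.exe"},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Program Files\Windows Defender\MSASCuiL.exe"},
    {"EventID": 12,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run",
     "Details": ""},
]

# Constructed DNS query log, one query per line.
SAMPLE_DNS_LOG = """\
2021-04-15T10:02:11Z WIN7-LAB query=www.microsoft.com type=A
2021-04-15T10:02:13Z WIN7-LAB query=sheilabeltagy4m.hopto.org type=A
2021-04-15T10:02:14Z WIN7-LAB query=MICHEAL3M.hopto.org type=A
2021-04-15T10:02:20Z WIN7-LAB query=update.example.net type=A
"""

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# User-writable locations a Run value should not normally point into.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def parse_c2(entries):
    """Split the report's 'host:port' strings into (host, port) tuples."""
    c2 = []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        c2.append((host.lower(), int(port)))
    return c2


def suricata_dns_rules(c2, sid_base=9000001):
    """One DNS-query alert per C2 host (dns.query sticky buffer, Suricata 5+)."""
    return [
        f'alert dns any any -> any any (msg:"Remcos C2 DNS lookup {host}"; '
        f'dns.query; content:"{host}"; nocase; sid:{sid_base + i}; rev:1;)'
        for i, (host, _port) in enumerate(c2)
    ]


def flag_dns_queries(log_text, c2):
    """Return the log lines whose queried name is one of the C2 hosts."""
    hosts = {host for host, _port in c2}
    hits = []
    for line in log_text.splitlines():
        m = re.search(r"query=(\S+)", line)
        if m and m.group(1).lower() in hosts:
            hits.append(line)
    return hits


def flag_run_key_events(events):
    """Return (key, command, suspicious) for every Run/RunOnce value set.

    A value is marked suspicious when its command points into a
    user-writable directory, where a dropped loader usually lives.
    """
    flagged = []
    for ev in events:
        if ev.get("EventID") != 13 or not RUN_KEY_RE.search(ev["TargetObject"]):
            continue
        command = ev["Details"]
        suspicious = any(p in command.lower() for p in USER_WRITABLE)
        flagged.append((ev["TargetObject"], command, suspicious))
    return flagged


if __name__ == "__main__":
    c2 = parse_c2(REMCOS_C2)
    for rule in suricata_dns_rules(c2):
        print(rule)
    for hit in flag_dns_queries(SAMPLE_DNS_LOG, c2):
        print("DNS hit:", hit)
    for key, command, suspicious in flag_run_key_events(SAMPLE_REG_EVENTS):
        print("Run value:", key, "->", command, "(suspicious)" if suspicious else "")
```

Port 2048 is deliberately not used in the DNS rules: the lookup happens before any connection, and dynamic-DNS hosts such as hopto.org names change address freely, so the hostname is the stable indicator. A flow rule on the resolved address and port can be added once the address is observed.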