General
-
Target
a2b744c7920722a628855ecb4487a5d8-vt-file.7z
-
Size
27KB
-
Sample
210416-hhrxbk2ty2
-
MD5
d1048c2165c8c3bcdb50868e7735c115
-
SHA1
7f9fd6e8498bd6712ee547789d1fad69e0885375
-
SHA256
534b1acb9b1b2124e044304d0c5f41ff9e2ba1cb11ec10ce5bc17eed43788110
-
SHA512
c36683da9fb998dbd7121eec3e3ac0b52c9d1bf37e9e6cd4805b865c3b81493d4952ba2565bc1e0436c315958c617a8f323a5667aa156db86679796dba3974b6
Static task
static1
Behavioral task
behavioral1
Sample
a2b744c7920722a628855ecb4487a5d8-vt-file.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
a2b744c7920722a628855ecb4487a5d8-vt-file.exe
Resource
win10v20210410
Malware Config
Targets
-
-
Target
a2b744c7920722a628855ecb4487a5d8-vt-file
-
Size
100KB
-
MD5
a2b744c7920722a628855ecb4487a5d8
-
SHA1
cd3cd003b3e1d169fcb297754769ff90f2458bf8
-
SHA256
f0495a673447b0fc924bf4181898d85cbcfc3921c41bfe216abd28b6bfff7c00
-
SHA512
e45f201838d82a909fb98f9c5d9df14e53ab20f46161344c030853c4fb96b37be39eb479e7cf9c3ad6b86a2e5ef85042b774ef7d6b61df73474a22613e4d9587
Score
10/10
-
Guloader Payload
-
Checks QEMU agent state file
Checks state file used by QEMU agent, possibly to detect virtualization.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-