General
- Target: 981d483b809a8d146115d1a1feb7bb8d588e014a0f009deb528662d39f5657e4
- Size: 156KB
- Sample: 210422-vlh6kb4nsx
- MD5: d5b8e2ce449917bf395454082de6cba9
- SHA1: fe872c03ceef39422218003bc5a34be4faf47e55
- SHA256: 981d483b809a8d146115d1a1feb7bb8d588e014a0f009deb528662d39f5657e4
- SHA512: 54dc37f2345a4b70786920c80adf8c1fc72c9ab97edf95b239453c081ab221134fbbc8ae8d8fd3ce635d4b3aec8f42fbc44005930e917e10e1a72cbd5e442e48

Static task: static1

Behavioral task: behavioral1
- Sample: 981d483b809a8d146115d1a1feb7bb8d588e014a0f009deb528662d39f5657e4.exe
- Resource: win7v20210410

Behavioral task: behavioral2
- Sample: 981d483b809a8d146115d1a1feb7bb8d588e014a0f009deb528662d39f5657e4.exe
- Resource: win10v20210408
Malware Config

Targets
- Target: 981d483b809a8d146115d1a1feb7bb8d588e014a0f009deb528662d39f5657e4
- Score: 10/10
- Guloader Payload
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext