General
Target: f989b3a6a8dfa3cb2de35ed0037863ba9ac2d48ea5ab411ca5ee3b6b35fcfeb5
Size: 96KB
Sample: 210504-2nltt4mcv6
MD5: e2777087ae21f30e48b870933f7d21df
SHA1: ccbadd732111ab1fd9c75278176e2b592080811f
SHA256: f989b3a6a8dfa3cb2de35ed0037863ba9ac2d48ea5ab411ca5ee3b6b35fcfeb5
SHA512: 27768811dfe75a765277ad13774c679301c6b88c063d7125d06704522363eaa42539bc928c88d5fb765900746fe06d47e8b75a31abe8c4641df34ddb45e50a80
Static task: static1
Behavioral task: behavioral1
  Sample: f989b3a6a8dfa3cb2de35ed0037863ba9ac2d48ea5ab411ca5ee3b6b35fcfeb5.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: f989b3a6a8dfa3cb2de35ed0037863ba9ac2d48ea5ab411ca5ee3b6b35fcfeb5.exe
  Resource: win10v20210408
Malware Config
Extracted: guloader
http://172.93.162.253/bin_XWGtFJzI218.bin
Targets
Target: f989b3a6a8dfa3cb2de35ed0037863ba9ac2d48ea5ab411ca5ee3b6b35fcfeb5
Score: 10/10
- Guloader Payload
- Checks QEMU agent state file: checks the state file used by the QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger