General
Target: 4d88b67d2370313735a7b2b172972bf224bce4e742d276249d4f612261036346
Size: 108KB
Sample: 210505-59mdmp17sn
MD5: b5ab0642f7fc7304d715000e262aa7d5
SHA1: 9a622c6d20bcd10f4328405ce844af46a3dbf407
SHA256: 4d88b67d2370313735a7b2b172972bf224bce4e742d276249d4f612261036346
SHA512: 2d9ee0a318e2a2ebc1f1d8de70d444b87bacfe800f18901f39b855ae292fd9454f47bff5b880d93432530fa19e0997df76d9cd26e3996f3a05e57b050c1550a1
Static task: static1
Behavioral task: behavioral1
Sample: 4d88b67d2370313735a7b2b172972bf224bce4e742d276249d4f612261036346.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 4d88b67d2370313735a7b2b172972bf224bce4e742d276249d4f612261036346.exe
Resource: win10v20210408
Malware Config
Extracted family: guloader
Payload download URL: https://onedrive.live.com/download?cid=E61E5F3F655316FA&resid=E61E5F3F655316FA%21136&authkey=ADy1X8G-a-i3n0s
Targets
Target: 4d88b67d2370313735a7b2b172972bf224bce4e742d276249d4f612261036346
Size: 108KB
MD5: b5ab0642f7fc7304d715000e262aa7d5
SHA1: 9a622c6d20bcd10f4328405ce844af46a3dbf407
SHA256: 4d88b67d2370313735a7b2b172972bf224bce4e742d276249d4f612261036346
SHA512: 2d9ee0a318e2a2ebc1f1d8de70d444b87bacfe800f18901f39b855ae292fd9454f47bff5b880d93432530fa19e0997df76d9cd26e3996f3a05e57b050c1550a1
Score: 10/10
Signatures:
Guloader Payload
Checks QEMU agent state file: checks the state file used by the QEMU guest agent, possibly to detect virtualization.
Suspicious use of NtSetInformationThreadHideFromDebugger: setting the ThreadHideFromDebugger information class on a thread stops the kernel from delivering that thread's debug events to an attached debugger, a common anti-debugging step in loaders.
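Added example, not tooling from the sandbox or from this report: a small Python helper that parses the label/value text of a report like the one above into a dict, checks that the hash fields are well-formed and that Target agrees with SHA256, and splits the extracted OneDrive URL into the cid/resid identifiers that are useful for pivoting across other samples. The report text is a constructed inline copy of the fields on this page; the label set, the family list and the IOC line format are assumptions chosen for the example.

```python
"""Parse a sandbox-style text report into checked IOCs (added example)."""
import re
from urllib.parse import urlparse, parse_qs

# Constructed inline copy of the fields shown on this page (not a live fetch).
REPORT_TEXT = """\
General
Target
4d88b67d2370313735a7b2b172972bf224bce4e742d276249d4f612261036346
Size
108KB
Sample
210505-59mdmp17sn
MD5
b5ab0642f7fc7304d715000e262aa7d5
SHA1
9a622c6d20bcd10f4328405ce844af46a3dbf407
SHA256
4d88b67d2370313735a7b2b172972bf224bce4e742d276249d4f612261036346
SHA512
2d9ee0a318e2a2ebc1f1d8de70d444b87bacfe800f18901f39b855ae292fd9454f47bff5b880d93432530fa19e0997df76d9cd26e3996f3a05e57b050c1550a1
Malware Config
Extracted
guloader
https://onedrive.live.com/download?cid=E61E5F3F655316FA&resid=E61E5F3F655316FA%21136&authkey=ADy1X8G-a-i3n0s
Score10/10-
Guloader Payload
Checks QEMU agent state file
Suspicious use of NtSetInformationThreadHideFromDebugger
"""

# Assumed label set: a label line is followed by its value on the next line.
HASH_LABELS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
OTHER_LABELS = ("Target", "Size", "Sample")
KNOWN_FAMILIES = ("guloader",)  # assumption: families the parser recognises
HEX_RE = re.compile(r"^[0-9a-f]+$")
URL_RE = re.compile(r"https?://\S+")
SCORE_RE = re.compile(r"Score\s*(\d+)/(\d+)")


def parse_report(text):
    """Turn the label/value text into a dict; lines after the score are signatures."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    report = {"fields": {}, "hashes": {}, "urls": [], "families": [],
              "score": None, "signatures": []}
    in_signatures = False
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line in HASH_LABELS:
            report["hashes"].setdefault(line, nxt.lower())
        elif line in OTHER_LABELS:
            report["fields"].setdefault(line, nxt)
        elif URL_RE.match(line):
            report["urls"].append(line)
        elif line.lower() in KNOWN_FAMILIES:
            report["families"].append(line.lower())
        m = SCORE_RE.match(line)
        if m:
            report["score"] = (int(m.group(1)), int(m.group(2)))
            in_signatures = True
            continue
        if in_signatures:
            report["signatures"].append(line)
    return report


def validate_hashes(hashes):
    """Return problems: a missing digest, a wrong length, or non-hex characters."""
    problems = []
    for label, length in HASH_LABELS.items():
        value = hashes.get(label)
        if value is None:
            problems.append(f"{label} missing")
        elif len(value) != length or not HEX_RE.match(value):
            problems.append(f"{label} malformed: {value!r}")
    return problems


def target_matches_sha256(report):
    """The Target field of these reports is the SHA256; flag a mismatch."""
    return report["fields"].get("Target", "").lower() == report["hashes"].get("SHA256")


def onedrive_pivots(url):
    """Split a OneDrive download URL into its stable identifiers.

    cid is commonly the owning account id and resid the item id; authkey is a
    share secret, so only its presence is reported, not its value.
    """
    parsed = urlparse(url)
    qs = parse_qs(parsed.query)
    return {"host": parsed.hostname,
            "cid": qs.get("cid", [None])[0],
            "resid": qs.get("resid", [None])[0],
            "has_authkey": "authkey" in qs}


def ioc_lines(report):
    """Flatten a parsed report into one-line indicators (assumed format)."""
    out = [f"hash:{label.lower()}:{value}" for label, value in sorted(report["hashes"].items())]
    for url in report["urls"]:
        out.append(f"url:{url}")
        piv = onedrive_pivots(url)
        if piv["host"] == "onedrive.live.com" and piv["cid"]:
            out.append(f"onedrive-cid:{piv['cid']}")
    out.extend(f"family:{fam}" for fam in report["families"])
    return out


if __name__ == "__main__":
    rep = parse_report(REPORT_TEXT)
    print("hash problems:", validate_hashes(rep["hashes"]) or "none")
    print("target == sha256:", target_matches_sha256(rep))
    print("\n".join(ioc_lines(rep)))
```

The cid is the value worth pivoting on: a shared OneDrive account tends to host several GuLoader payloads over time, whereas the authkey is per share link and should be treated as a secret in your notes rather than an indicator.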