General

Target: 63b5c9b0e21398b428814cc2f391397ce81342682a0be100c5d5d50a846d56cd
Size: 96KB
Sample: 210505-9116m88g32
MD5: 6069bf9742a8ce15f44e35405c861540
SHA1: f3a763465ca3f12b00955d3a1d017b3a2d47049d
SHA256: 63b5c9b0e21398b428814cc2f391397ce81342682a0be100c5d5d50a846d56cd
SHA512: 7b3e467510d93f3c65d893fee5d58aba66754543232df8d1c05fa32a96299cb8a5df49a89fac469e784f1625cb70c26802fd799ca5c6e5095b334c1c04c462a1
Static task: static1

Behavioral task: behavioral1
Sample: 63b5c9b0e21398b428814cc2f391397ce81342682a0be100c5d5d50a846d56cd.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: 63b5c9b0e21398b428814cc2f391397ce81342682a0be100c5d5d50a846d56cd.exe
Resource: win10v20210410
Malware Config

Extracted: guloader
URL: http://172.93.162.253/bin_WJoRuvaovF116.bin
Targets

Target: 63b5c9b0e21398b428814cc2f391397ce81342682a0be100c5d5d50a846d56cd (size and hashes as listed under General above)
Score: 10/10

Signatures:
- Guloader Payload
- Checks QEMU agent state file: checks the state file used by the QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger