General
Target: dbaa7c78967b5940aeab47df359e9a365f64e91019e8e45385eb5f248922da88
Size: 84KB
Sample: 210508-qpb5j4zjwj
MD5: eac11af6b1c0d12ae39ef490e7916067
SHA1: d3ce19add02073a36627919e5c8c82f8d182d6fa
SHA256: dbaa7c78967b5940aeab47df359e9a365f64e91019e8e45385eb5f248922da88
SHA512: 03edd7a6e6fad15b9110321a7ece4f782d8f0163e4eb43225d0e63a386d108f7c5f4ad8c5b0decaa7b580498b779fb53a035f9c1b17ae0465ed42cce797d5c74
Static task: static1
Behavioral task: behavioral1
Sample: dbaa7c78967b5940aeab47df359e9a365f64e91019e8e45385eb5f248922da88.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: dbaa7c78967b5940aeab47df359e9a365f64e91019e8e45385eb5f248922da88.exe
Resource: win10v20210408
Malware Config
Extracted
guloader
https://drive.google.com/uc?export=download&id=1hQILvhuKCpLHCDyIe1Ixva67uM_ixN1N
Targets
Target: dbaa7c78967b5940aeab47df359e9a365f64e91019e8e45385eb5f248922da88
Score: 10/10
Guloader Payload
Checks QEMU agent state file
Checks state file used by QEMU agent, possibly to detect virtualization.
Suspicious use of NtSetInformationThreadHideFromDebugger