General
Target: 9cf082ab9112e7e03fcbfa7d20a1f7c10c4eaafd8fe2c59aef527dc8dac58ef8
Size: 140KB
Sample: 210508-x9emlg4znn
MD5: 7deecd28ccb949d5c855dacc980298f2
SHA1: 3a5cdb7227fdf47ded4ff1fe1dd38cfa502eea84
SHA256: 9cf082ab9112e7e03fcbfa7d20a1f7c10c4eaafd8fe2c59aef527dc8dac58ef8
SHA512: f1d1b66497bd2deea07392cdafe5a07284cdbba2e9e9c17978d35a7094d605b40e525222759e64d473d13b0356e344c0e3efed16bc5a6e14b380b67b5c9b452b
Static task: static1
Behavioral task: behavioral1
  Sample: 9cf082ab9112e7e03fcbfa7d20a1f7c10c4eaafd8fe2c59aef527dc8dac58ef8.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 9cf082ab9112e7e03fcbfa7d20a1f7c10c4eaafd8fe2c59aef527dc8dac58ef8.exe
  Resource: win10v20210410
Malware Config
Extracted family: guloader
Extracted URL: https://drive.google.com/uc?export=download&id=16HNLjxnV8VDMTThcctq09H1-RlR7b_vX
Targets
Target: 9cf082ab9112e7e03fcbfa7d20a1f7c10c4eaafd8fe2c59aef527dc8dac58ef8
Score: 10/10
Signatures:
  Guloader Payload
  Checks QEMU agent state file: checks the state file used by the QEMU agent, possibly to detect virtualization.
  Suspicious use of NtSetInformationThreadHideFromDebugger