General
Target: 50867b76113d37d59ecb36a9704bc4bac648e474853c4052cea1b5fb36f807af
Size: 108KB
Sample: 210509-4jeqlgj7ws
MD5: c1bbb80a3a9617259a87b1be77215c97
SHA1: 1f176833a49f04aff11ed74580b5dfc725cf20bd
SHA256: 50867b76113d37d59ecb36a9704bc4bac648e474853c4052cea1b5fb36f807af
SHA512: 3046ffd635074341d28924b480d0d62bcaff798f92aaf36ec1980de4e27f93a01494720fece7bbd1e3115c5568b281034a791949f46554003b6ad008f0e60604
Static task: static1
Behavioral task: behavioral1
  Sample: 50867b76113d37d59ecb36a9704bc4bac648e474853c4052cea1b5fb36f807af.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 50867b76113d37d59ecb36a9704bc4bac648e474853c4052cea1b5fb36f807af.exe
  Resource: win10v20210410
Malware Config
Extracted: guloader
  https://www.mediafire.com/file/bg09a2z8p0ojruh/origin_dwqUQLYCkO21.bin/file
Targets
Target: 50867b76113d37d59ecb36a9704bc4bac648e474853c4052cea1b5fb36f807af
Score: 10/10
Guloader Payload
Checks QEMU agent state file
  Checks state file used by QEMU agent, possibly to detect virtualization.
Suspicious use of NtSetInformationThreadHideFromDebugger