General
-
Target
27544130e07733ee39f8bcf161fcc408b2489da2251d37a826f5ff48eb057c56
-
Size
120KB
-
Sample
210926-kgzhvsefb9
-
MD5
eebba195900bad46e7bbc0fa0056a807
-
SHA1
710d6af6f423bfb4445c9db04cff7fe1256c2c76
-
SHA256
27544130e07733ee39f8bcf161fcc408b2489da2251d37a826f5ff48eb057c56
-
SHA512
fab6e9a79eba833ec6d9ec09ae9450bea1f0a9bad0ff44a2e24e0d31a653834c9cfd64d7ef7ecbe43537d29ed921fc5df1dc6e750136cff8a49540961cfdce0c
Malware Config
Targets
-
-
Target
27544130e07733ee39f8bcf161fcc408b2489da2251d37a826f5ff48eb057c56
-
Size
120KB
-
MD5
eebba195900bad46e7bbc0fa0056a807
-
SHA1
710d6af6f423bfb4445c9db04cff7fe1256c2c76
-
SHA256
27544130e07733ee39f8bcf161fcc408b2489da2251d37a826f5ff48eb057c56
-
SHA512
fab6e9a79eba833ec6d9ec09ae9450bea1f0a9bad0ff44a2e24e0d31a653834c9cfd64d7ef7ecbe43537d29ed921fc5df1dc6e750136cff8a49540961cfdce0c
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-