General
Target: f38a6a99eb426c7c222b78231ba730b59f4ca324235fe5099b00682e1deefca5
Size: 18KB
Sample: 220121-2tpymabha5
MD5: f120e50f943089358052a4d0d760a47e
SHA1: 73d5a2f78375552262382525190ad7b735b5e33d
SHA256: f38a6a99eb426c7c222b78231ba730b59f4ca324235fe5099b00682e1deefca5
SHA512: 5c35d3ef2b5d2240def6282d9f3bf0d1704571157dd45f0ded3c7c52cf6956f697d0bc4561dc0ae47cae33870f845b7157c20fc929c291c811cc99a9fafb57a9
Static task: static1
Behavioral task: behavioral1
  Sample: Proforma Invoice.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: Proforma Invoice.exe
  Resource: win10-en-20211208
Malware Config
Extracted: guloader
https://drive.google.com/uc?export=download&id=1t2kWSyeWJ0Nxuf3Q0XWr6hhlOTDB_4Og
Targets
Target: Proforma Invoice.exe
Size: 64KB
MD5: d09f1e15cbc187edc5792c61d8670a09
SHA1: 2b7059a6964b634dd7bb372b5e62c38887b8e93d
SHA256: 3561b08594d47d1c827ef76518197472532bfae0ffb9329711f51dc0ee9bdf2a
SHA512: f5c4436dc0dc002785d6574614ed2f9d2b3b175f3e14fa546dd131736d2cc263de289dd818940c5a61ca536616b48b69a0245698f2cdef6e5f2a4bc450fdec27
Score: 10/10
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext