General
Target: e4d9fba1b0abefc577cb58b774b3f38892fe7ed7a57076f94354f510deafc332
Size: 15KB
Sample: 220121-2xpf9scchp
MD5: 9cd25246104a043bb807e95035dc1ebe
SHA1: a5991694b284beb0ea50c34a21a7fb0cede4c64a
SHA256: e4d9fba1b0abefc577cb58b774b3f38892fe7ed7a57076f94354f510deafc332
SHA512: 198b7baef7ee5a410609ce2f5a9eef3a74f21d11c8bab858d30c1a7f0d76e5de81f8d34d19e255ca5442f5c7823d2baa1c647812142ce9d950feaa5176d1a8aa
Static task: static1
Behavioral task: behavioral1
  Sample: Comprobante de transferencia.pdf.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: Comprobante de transferencia.pdf.exe
  Resource: win10-en-20211208
Malware Config
Extracted: guloader
URL: https://drive.google.com/uc?export=download&id=185yfGKZexOdEd7mpzk2cg-0hQHnY6XWe
Targets
Target: Comprobante de transferencia.pdf.exe
Size: 48KB
MD5: fc0557257080e207819d005d257833f8
SHA1: 5a7d76b52983a8babcfec637c0319a15c2dce22e
SHA256: 72b08b2bc289e7665a1701f07f6e366898ceb61fa289007187fded38834267f3
SHA512: c036a1f635bf2adab66c2e29176cca3b1fde4f8319e1f09c562fef8aacf5ad99f61f8036ede90a10d86f6bf56eb67d36528780caa48f8ee8787b8a10e03eddd7
Score: 10/10
- Guloader Payload
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext