General
Target: 29367502e16bf1e2b788705014d0142d8bcb7fcc6a47d56fb82d7e333454e923
Size: 52KB
Sample: 220124-gbjzfachb2
MD5: 61ce777555ee4d591ff151e0927ab8d4
SHA1: 3c5a6a8825101a71d2372f5c6961861ef1b4223f
SHA256: 29367502e16bf1e2b788705014d0142d8bcb7fcc6a47d56fb82d7e333454e923
SHA512: 3783ae2713492347fa627e51f3def9ec0502ed5c4d0f7e5c0932f80fa93e6a951ceb5708bd6347c031e081b1f7017bf86597db34fb6655f2f748439c825bd628
Static task: static1
Behavioral task: behavioral1 (Sample: 29367502e16bf1e2b788705014d0142d8bcb7fcc6a47d56fb82d7e333454e923.exe; Resource: win7-en-20211208)
Behavioral task: behavioral2 (Sample: 29367502e16bf1e2b788705014d0142d8bcb7fcc6a47d56fb82d7e333454e923.exe; Resource: win10-en-20211208)
Malware Config
Extracted
Family: guloader
URL: https://share.dmca.gripe/hUZTLm0ETh86oDEL.bin
Targets
Target: 29367502e16bf1e2b788705014d0142d8bcb7fcc6a47d56fb82d7e333454e923
Size: 52KB
MD5: 61ce777555ee4d591ff151e0927ab8d4
SHA1: 3c5a6a8825101a71d2372f5c6961861ef1b4223f
SHA256: 29367502e16bf1e2b788705014d0142d8bcb7fcc6a47d56fb82d7e333454e923
SHA512: 3783ae2713492347fa627e51f3def9ec0502ed5c4d0f7e5c0932f80fa93e6a951ceb5708bd6347c031e081b1f7017bf86597db34fb6655f2f748439c825bd628
Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
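The extracted config and the signature list above are the actionable parts of this report: the payload URL is a network indicator, the hashes identify the loader itself, and "Adds Run key to start application" names the persistence mechanism. The two remaining signatures (ThreadHideFromDebugger and SetThreadContext) are API calls the sandbox observed in the process, which a log-based check cannot see directly. As an added example that is not part of the sandbox report, here is a Python triage script that applies the report's indicators to Sysmon-style process-creation and registry events and to a proxy log. Every event record and log line in it is constructed for the example; the field names follow Sysmon's (EventID, Image, Hashes, TargetObject, Details), but nothing in it comes from this sandbox run.

```python
import re
from urllib.parse import urlparse

# Indicators copied from the report on this page.
SAMPLE_HASHES = {
    "MD5": "61ce777555ee4d591ff151e0927ab8d4",
    "SHA1": "3c5a6a8825101a71d2372f5c6961861ef1b4223f",
    "SHA256": "29367502e16bf1e2b788705014d0142d8bcb7fcc6a47d56fb82d7e333454e923",
}
PAYLOAD_URL = "https://share.dmca.gripe/hUZTLm0ETh86oDEL.bin"

# Sysmon Event ID 13 TargetObject paths that correspond to the
# "Adds Run key to start application" signature (Run and RunOnce).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\([^\\]+)$",
    re.IGNORECASE,
)


def defang(url: str) -> str:
    """Render a URL so it is not clickable or auto-linked when pasted into a ticket."""
    p = urlparse(url)
    host = p.hostname.replace(".", "[.]")
    scheme = "hxxp" + p.scheme[4:]  # http -> hxxp, https -> hxxps
    return f"{scheme}://{host}{p.path}"


def parse_sysmon_hashes(field: str) -> dict:
    """Sysmon writes its Hashes field as 'SHA1=..,MD5=..,SHA256=..,IMPHASH=..'."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def run_key_value(event: dict):
    """Return the Run/RunOnce value name written by an Event ID 13 record, else None."""
    if event.get("EventID") != 13:
        return None
    m = RUN_KEY_RE.search(event.get("TargetObject", ""))
    return m.group(1) if m else None


def hash_match(event: dict) -> list:
    """Return the hash algorithms on which an Event ID 1 record matches the sample."""
    if event.get("EventID") != 1:
        return []
    seen = parse_sysmon_hashes(event.get("Hashes", ""))
    return [algo for algo, value in SAMPLE_HASHES.items() if seen.get(algo) == value]


def payload_host_hit(proxy_line: str) -> bool:
    """True when the request URL in a proxy line is on the payload host.

    Compares the parsed hostname, not a substring, so a URL that merely
    contains the string 'share.dmca.gripe' in its path does not match.
    """
    wanted = urlparse(PAYLOAD_URL).hostname
    for token in proxy_line.split():
        if "://" in token:
            return urlparse(token).hostname == wanted
    return False


def triage(events, proxy_lines) -> list:
    """Apply all three indicator types and return human-readable findings."""
    findings = []
    for ev in events:
        algos = hash_match(ev)
        if algos:
            findings.append(f"known sample executed: {ev['Image']} ({'/'.join(algos)} match)")
        name = run_key_value(ev)
        if name:
            findings.append(f"Run key persistence: {name} -> {ev.get('Details')}")
    for line in proxy_lines:
        if payload_host_hit(line):
            findings.append(f"payload host contacted: {defang(PAYLOAD_URL)}")
    return findings


# Constructed input: shaped like Sysmon events and a proxy log, not real telemetry.
CONSTRUCTED_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\Downloads\invoice.exe",
     "Hashes": "SHA1=3C5A6A8825101A71D2372F5C6961861EF1B4223F,MD5=61CE777555EE4D591FF151E0927AB8D4,"
               "SHA256=29367502E16BF1E2B788705014D0142D8BCB7FCC6A47D56FB82D7E333454E923"},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\invoice",
     "Details": r"C:\Users\user\AppData\Roaming\invoice.exe"},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common",
     "Details": r"C:\ProgramData"},
]
CONSTRUCTED_PROXY = [
    "2022-01-24T10:02:11Z 10.0.0.5 GET https://share.dmca.gripe/hUZTLm0ETh86oDEL.bin 200",
    "2022-01-24T10:02:12Z 10.0.0.5 GET https://example.com/share.dmca.gripe.html 200",
]

if __name__ == "__main__":
    for finding in triage(CONSTRUCTED_EVENTS, CONSTRUCTED_PROXY):
        print(finding)
```

Running the script against the constructed input reports three findings: the sample's execution (all three hashes agree), the Run key value it wrote, and the request to the payload host; the second proxy line is ignored because only the hostname is compared. The value name under Run is whatever the loader chose on the victim, so the check keys on the registry path rather than on a name the report does not give.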