General

Target: e97e14f57e6f9ad987e4b5079b7ba8a387115b89784958d40d1f65d79d027315
Size: 84KB
Sample: 220131-165n6sdcc3
MD5: 92345545d4c4826d147940ceb326d0d2
SHA1: 8e04adf5606faa643028e75a5d9adab400ec31d5
SHA256: e97e14f57e6f9ad987e4b5079b7ba8a387115b89784958d40d1f65d79d027315
SHA512: 469f80d61c81292f6be1931ae15d24beaf1562019a44050a1cb3eab82343cccd21ee3f2d0f2d19adf8e66b3c18536150b9f1bc9d1fd5e6d32a525dc013f23fa8
Static task: static1

Behavioral task: behavioral1
Sample: e97e14f57e6f9ad987e4b5079b7ba8a387115b89784958d40d1f65d79d027315.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: e97e14f57e6f9ad987e4b5079b7ba8a387115b89784958d40d1f65d79d027315.exe
Resource: win10v2004-en-20220112
Malware Config

Extracted family: guloader
URL: https://onedrive.live.com/download?cid=4C3F5C65A99DA195&resid=4C3F5C65A99DA195%21251&authkey=AJfIELIxPkc02ok
Targets

Target: e97e14f57e6f9ad987e4b5079b7ba8a387115b89784958d40d1f65d79d027315
Score: 10/10

Signatures:
- Sets service image path in registry
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
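The digests and the extracted URL above are the report's indicators. The following is an added example, not part of the report and not the sandbox's own tooling, showing how an analyst would verify a retrieved copy of the sample against those digests, sanity-check the report itself, and handle the extracted payload URL as an IOC. The bytes hashed in the usage section are a constructed placeholder, not the real sample; only the values in REPORT come from the page.

```python
"""Hash verification and IOC handling for the sandbox report above.

Added example: not part of the original report and not a sandbox vendor's
tooling. The digests and the extracted GuLoader URL in REPORT are copied from
the report; the bytes hashed under __main__ are a constructed placeholder.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied verbatim from the report.
REPORT = {
    "target": "e97e14f57e6f9ad987e4b5079b7ba8a387115b89784958d40d1f65d79d027315",
    "md5": "92345545d4c4826d147940ceb326d0d2",
    "sha1": "8e04adf5606faa643028e75a5d9adab400ec31d5",
    "sha256": "e97e14f57e6f9ad987e4b5079b7ba8a387115b89784958d40d1f65d79d027315",
    "sha512": "469f80d61c81292f6be1931ae15d24beaf1562019a44050a1cb3eab82343cccd"
              "21ee3f2d0f2d19adf8e66b3c18536150b9f1bc9d1fd5e6d32a525dc013f23fa8",
    "payload_url": "https://onedrive.live.com/download?cid=4C3F5C65A99DA195"
                   "&resid=4C3F5C65A99DA195%21251&authkey=AJfIELIxPkc02ok",
}

DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
_HEX = re.compile(r"^[0-9a-f]+$")


def hash_bytes(data: bytes) -> dict:
    """Compute all four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGEST_LEN}


def report_is_consistent(report: dict) -> bool:
    """Sanity-check a report before trusting it: every digest must be
    well-formed hex of the right length and the Target must be the SHA256."""
    for name, length in DIGEST_LEN.items():
        value = report[name]
        if len(value) != length or not _HEX.match(value):
            return False
    return report["target"] == report["sha256"]


def matches_report(data: bytes, report: dict) -> bool:
    """True only when all four digests of `data` equal the report's.
    Verify a sample this way before detonating or sharing it, so a mislabeled
    file from a feed is caught; matching a single algorithm would be weaker."""
    computed = hash_bytes(data)
    return all(computed[name] == report[name].lower() for name in DIGEST_LEN)


def defang(url: str) -> str:
    """Defang scheme and host so the payload URL is not auto-linked or
    clicked when pasted into a ticket or chat; path and query are kept."""
    parts = urlsplit(url)
    rest = url.split(parts.netloc, 1)[1]          # path and query, unchanged
    scheme = parts.scheme.replace("http", "hxxp", 1)
    return f"{scheme}://{parts.hostname.replace('.', '[.]')}{rest}"


def payload_host(url: str) -> str:
    """Host of the payload URL. For this sample it is a legitimate cloud
    service, so block or hunt on the full URL (cid/resid), not the host."""
    return urlsplit(url).hostname


if __name__ == "__main__":
    assert report_is_consistent(REPORT)
    placeholder = b"MZ\x90\x00"                # constructed stand-in, not the sample
    print("matches report:", matches_report(placeholder, REPORT))
    print("defanged:", defang(REPORT["payload_url"]))
    print("host:", payload_host(REPORT["payload_url"]))
```

Point `matches_report` at the bytes of a file pulled from a feed or share; a False result means the file is not the sample this report describes, whatever its filename says. The defanged form is what belongs in a ticket; the raw URL stays in the blocklist entry.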