General

- Target: f5c9d7e1a4975f9854ffcd690b4ca54dfd4007f48e290300c137c996cdf0f2c7
- Size: 64KB
- Sample: 220131-16vh7sdcb9
- MD5: 50b1d1dfece17fe955bf9da7942c5a73
- SHA1: 850b3f601b12b29834662eaeccbf3a0b64a1865d
- SHA256: f5c9d7e1a4975f9854ffcd690b4ca54dfd4007f48e290300c137c996cdf0f2c7
- SHA512: ddf81af3cd83e0f9f496c56943ee34c9e40aceefc962233f6c5abe83376b24db8d0329a685f680d6c433594717e67dfa1c7a4fd611438ea053bba5a4988a2edb

Static task

- static1

Behavioral task

- behavioral1
  - Sample: f5c9d7e1a4975f9854ffcd690b4ca54dfd4007f48e290300c137c996cdf0f2c7.exe
  - Resource: win7-en-20211208

Behavioral task

- behavioral2
  - Sample: f5c9d7e1a4975f9854ffcd690b4ca54dfd4007f48e290300c137c996cdf0f2c7.exe
  - Resource: win10v2004-en-20220112

Malware Config

Extracted

- Family: guloader
- C2: https://drive.google.com/uc?export=download&id=1AVTDLDSQxNt0_L_QntDh2z-sDmXVzSAh

Targets

- Target: f5c9d7e1a4975f9854ffcd690b4ca54dfd4007f48e290300c137c996cdf0f2c7
- Size: 64KB
- MD5: 50b1d1dfece17fe955bf9da7942c5a73
- SHA1: 850b3f601b12b29834662eaeccbf3a0b64a1865d
- SHA256: f5c9d7e1a4975f9854ffcd690b4ca54dfd4007f48e290300c137c996cdf0f2c7
- SHA512: ddf81af3cd83e0f9f496c56943ee34c9e40aceefc962233f6c5abe83376b24db8d0329a685f680d6c433594717e67dfa1c7a4fd611438ea053bba5a4988a2edb

Score: 10/10

Signatures

- Sets service image path in registry
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext