General
-
Target
ea93cbe75bc0cd26e82acc4aa17b0f47662073b958c519897306c44d898a619b
-
Size
100KB
-
Sample
220131-16z4pacgck
-
MD5
3d1fd9bcef7cbe915bb49857461ad781
-
SHA1
2cefa31941545092ce5092bc98f3d58d66fb1b55
-
SHA256
ea93cbe75bc0cd26e82acc4aa17b0f47662073b958c519897306c44d898a619b
-
SHA512
8f46b2d5fc24075282217d84eb4d69996659e548055c70052b5927b0af401954dd289d4fd628309b2d46bdc5a8027b253b7417f72c4a18d527798ae1bd1412dd
Static task
static1
Behavioral task
behavioral1
Sample
ea93cbe75bc0cd26e82acc4aa17b0f47662073b958c519897306c44d898a619b.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
ea93cbe75bc0cd26e82acc4aa17b0f47662073b958c519897306c44d898a619b.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
guloader
https://drive.google.com/uc?export=download&id=1cs40Db_dgZugASem90KebWJ2mVl6LmjR
Targets
-
-
Target
ea93cbe75bc0cd26e82acc4aa17b0f47662073b958c519897306c44d898a619b
Score
10/10
-
Checks QEMU agent state file
Checks state file used by QEMU agent, possibly to detect virtualization.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-