General
Target: e31491adc277479a5abe231267f6ba030a37539cbde0b43b496a7ac2080728d3
Size: 48KB
Sample: 220131-17d8lsdcc7
MD5: df6e0bc9e9a9871821374d9bb1e12542
SHA1: d9acd005d61c287660cf9a9b4effdde78e01bece
SHA256: e31491adc277479a5abe231267f6ba030a37539cbde0b43b496a7ac2080728d3
SHA512: 4c00f4dbd24bfe52b4207f4c6d82a3af8e0f85cd07d83befcf45c6a4edf787077693efe010e92320dd1dd2f0654ea738efd291455e9cbec7f8b05563733b8b39
Static task: static1
Behavioral task: behavioral1
Sample: e31491adc277479a5abe231267f6ba030a37539cbde0b43b496a7ac2080728d3.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: e31491adc277479a5abe231267f6ba030a37539cbde0b43b496a7ac2080728d3.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
guloader
https://fmglogistics-my.sharepoint.com/:u:/g/personal/cfs-hph_fmgloballogistics_com/EX30cSO-FxVEvmgm8O7XHL4ByKe15ghVU829DmSIWng6Jg?e=BFRtSN&download=1
Targets
Target: e31491adc277479a5abe231267f6ba030a37539cbde0b43b496a7ac2080728d3
Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext