General
- Target: c87290bb28696eddacaadc0f01805f841bda964d55efa9c39d0a06f1d31ede3b
- Size: 84KB
- Sample: 220131-18hmesdcd9
- MD5: 6f771a54cdb6f1cc2130310bc40f215f
- SHA1: f860c1449917fb1e5418a4862bbb28b79ec29787
- SHA256: c87290bb28696eddacaadc0f01805f841bda964d55efa9c39d0a06f1d31ede3b
- SHA512: d49d0db7bc6fa784e517d5d457b4516faa2d2bc36e336827c1a10c251daeb725a9bc1edc815d58febb0bb3068bf68086700dbfd0376aeb9b08041214cc15eb0f
Static task
- static1
Behavioral task
- behavioral1
  - Sample: c87290bb28696eddacaadc0f01805f841bda964d55efa9c39d0a06f1d31ede3b.exe
  - Resource: win7-en-20211208
Behavioral task
- behavioral2
  - Sample: c87290bb28696eddacaadc0f01805f841bda964d55efa9c39d0a06f1d31ede3b.exe
  - Resource: win10v2004-en-20220112
Malware Config
- Extracted: guloader
- URL: https://onedrive.live.com/download?cid=4C3F5C65A99DA195&resid=4C3F5C65A99DA195%21250&authkey=AC-XqzwfVaSlHmQ
Targets
- Target: c87290bb28696eddacaadc0f01805f841bda964d55efa9c39d0a06f1d31ede3b
- Score: 10/10
- Sets service image path in registry
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext