General

Target: INV0ICE C0PY.zip.7z
Size: 27KB
Sample: 220131-cecbjsddgp
MD5: 51d3bd691b4beb8b483b08933d6f533e
SHA1: 63c1695b4aeb4effb39b31698d33518e9e3aa98a
SHA256: ed12457d2e41eddbf1fa49c3edf0e3e54f4c737a486055355f99e3136a652048
SHA512: 99424f94a08fbd7e438d4e23bfb73a3b4c992ef4dc7a06c33082d9301f5009cc333ff70f7b88821359b994cacf9b9012d390f9b71fb87d72e424b4a47ca47a15
Static task: static1

Behavioral task: behavioral1
Sample: Invoice.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: Invoice.exe
Resource: win10-en-20211208
Malware Config

Extracted: guloader
URL: https://drive.google.com/uc?export=download&id=1YdzMc5lNekF42GRT6sm0BvWK7b2zDn1f
Targets

Target: Invoice.exe
Size: 60KB
MD5: 02305e9d37d47426ee680cf76f11e2bd
SHA1: ec6e579799848ca15bc88b28e3d8098a1385f4a3
SHA256: c4237eedbf270996457b9c8c5722d6fbfcaf1446c0c7d73aea14317fabba85c1
SHA512: ded4f29bd3131766c8c2a9f14f6989762410c56ea4cb90608585647c727dd5988c608b3e4702223bd309b9082830a54173eb6e6f4455cd38d3cd1bf1171930df
Score: 10/10

- Guloader Payload
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext