General
-
Target
bb9e4697a8a50fd18aafc26dbb19f7d13f51a8d650d67555f509e5f0aff1b824
-
Size
124KB
-
Sample
220201-etx8nshba8
-
MD5
1a53e9230ba3bbd5969cc4499baaacdd
-
SHA1
2a55286c66012cfb09151effabac6f8d54cc3ce1
-
SHA256
bb9e4697a8a50fd18aafc26dbb19f7d13f51a8d650d67555f509e5f0aff1b824
-
SHA512
3dd984ec282e2bd4ce4e26aa2c84548b69ef695ef761498eb40a4484a9f5be08bca851ca3d868b8b353721b65fd3252a42ebe0ad5cfc70d0591b97b580752f3d
Static task
static1
Behavioral task
behavioral1
Sample
bb9e4697a8a50fd18aafc26dbb19f7d13f51a8d650d67555f509e5f0aff1b824.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
bb9e4697a8a50fd18aafc26dbb19f7d13f51a8d650d67555f509e5f0aff1b824.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
guloader
https://drive.google.com/uc?export=download&id=1usXhLD59IUljCZdD222jP2QYU-GP28tz
http://bnvtfhdfsasd.ug/Host_encrypted_F8B4CEF.bin
Targets
-
-
Target
bb9e4697a8a50fd18aafc26dbb19f7d13f51a8d650d67555f509e5f0aff1b824
-
Size
124KB
-
MD5
1a53e9230ba3bbd5969cc4499baaacdd
-
SHA1
2a55286c66012cfb09151effabac6f8d54cc3ce1
-
SHA256
bb9e4697a8a50fd18aafc26dbb19f7d13f51a8d650d67555f509e5f0aff1b824
-
SHA512
3dd984ec282e2bd4ce4e26aa2c84548b69ef695ef761498eb40a4484a9f5be08bca851ca3d868b8b353721b65fd3252a42ebe0ad5cfc70d0591b97b580752f3d
Score10/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-