General
Target: 1c27f57ddb7c5ccbf08702936e1c53d064e6eb2083ed5fd95b210443a6d7ecbe
Size: 80KB
Sample: 220201-jyedksbcal
MD5: 950483bcaff55045d695761e386cb514
SHA1: 9a4cf1caf2bd6082883c24f6e4d6b98fffed71f0
SHA256: 1c27f57ddb7c5ccbf08702936e1c53d064e6eb2083ed5fd95b210443a6d7ecbe
SHA512: 90f8aed09c42fad97194bd1c4b787af72cae287e35516635ff4cfb92072340dd970d3e67182d8d5ab8662d6aa2b2cfc4b756aa17f04ba79b477c72ab56026900
Static task: static1
Behavioral task: behavioral1
  Sample: 1c27f57ddb7c5ccbf08702936e1c53d064e6eb2083ed5fd95b210443a6d7ecbe.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 1c27f57ddb7c5ccbf08702936e1c53d064e6eb2083ed5fd95b210443a6d7ecbe.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted: guloader
URL: https://drive.google.com/uc?export=download&id=1UnZE1_XDcad5DW8fsVFD8K1ZYDla2tyn
Targets
Target: 1c27f57ddb7c5ccbf08702936e1c53d064e6eb2083ed5fd95b210443a6d7ecbe
Size: 80KB
Score: 10/10
- Guloader Payload
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext