General
  Target: de1cf950768ed85e8db91067ad1fcb75f5b3ea065bac9f8d9d02a13ef6c84015
  Size: 23KB
  Sample: 220521-w79masbbd7
  MD5: 3b1324268d47a3bc16a639b9a66b9f31
  SHA1: 91d8d116ac1ef93367f72472a03394f513b47e35
  SHA256: de1cf950768ed85e8db91067ad1fcb75f5b3ea065bac9f8d9d02a13ef6c84015
  SHA512: 4b5ae918ddf9790db9e2f1d368243776c31c5268dbc505d65e8f6aacf90532c11b1b866af16c366fe2310bbea9301dd5e9c8a2d2b1e6c712ae80f581497beff7

Tasks
  Static task: static1
  Behavioral task: behavioral1
    Sample: Attached_ContainerDoc.exe
    Resource: win7-20220414-en
  Behavioral task: behavioral2
    Sample: Attached_ContainerDoc.exe
    Resource: win10v2004-20220414-en

Malware Config
  Extracted: guloader
  URL: https://drive.google.com/uc?export=download&id=1ol4wY5Dn2LEtHM6S_jwboyrfoOEmdpLR

Targets
  Target: Attached_ContainerDoc.bat
  Size: 100KB
  MD5: 93015d49e177c32dea9aba2fb14168f1
  SHA1: 86bb1b7127f97910163c9e4226b81c63edb4f657
  SHA256: df8a22b84b09a0871f6823edb9a826bab424c3e518b18a51e49e7ce1c311ca9a
  SHA512: c1ef8d3df6d74160c684ec1779bcc35fc89e8c2abcd2c3b255d8afef52df50ca04f71357abc5ce316984af05b469ca925896258b4a33c7748ee230fc500f1d67
  Score: 10/10

Signatures
  - Executes dropped EXE
  - Checks QEMU agent state file
    Checks the state file used by the QEMU agent, possibly to detect virtualization.
  - Checks computer location settings
    Looks up the country code configured in the registry, likely for geofencing.
  - Loads dropped DLL
  - Adds Run key to start application
  - Legitimate hosting services abused for malware hosting/C2
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext