General
Target: 3eed869077fe1731bf9d92900cf612e64eab726136ccf1030f0395351a0377f2
Size: 21KB
Sample: 220521-w8jghaedfr
MD5: 7b988452dc108fcc197703499af8acb1
SHA1: be96415211c6b8362c9bba2caea68198506fef07
SHA256: 3eed869077fe1731bf9d92900cf612e64eab726136ccf1030f0395351a0377f2
SHA512: 00fc2ab4dc1b43b1906605fe7e2636fb1efbdf3512f72d0cad03a2a4484790a37642784ad4c19213583356600ceaaf83791b57c6379c9bd79b024470f458c3d3
Static task: static1
Behavioral task: behavioral1
  Sample: scan_12052020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: scan_12052020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: guloader
URL: https://drive.google.com/uc?export=download&id=1wilQBcUq3xvhUQ_LwuH33VNutalqMFZH
Targets
Target: scan_12052020.bat
Size: 88KB
MD5: 9f883705429b72c4e01d9c2fcfb284b8
SHA1: d91f1f721e2248a60c2a69cbd6eb27efe43b86ba
SHA256: e66f28f19fd4c89cbfbea489fa12cad084b07d722fb8111650a8128ee75cc061
SHA512: 1d32bcfa751ff4714640916364f3b4f5a508db89b4acfe492dd550b9c468840e7e27fe20b58db7dbf895703a38e30d2ffd93a1b1f4e848de9db3cbb54e2a9480
Score: 10/10
Signatures:
- Executes dropped EXE
- Checks QEMU agent state file: checks the state file used by the QEMU agent, possibly to detect virtualization.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext