General
-
Target
590279b782c6ad660c2d1aa229215c70a93edc2fa27d1fcb7e19b573d7c14b64
-
Size
21KB
-
Sample
220521-w8kdssbbf2
-
MD5
479a382089f4add22d5143b2ff4b0d64
-
SHA1
31efa77527c0b33efb5c7388cdaea7a2f25cc60e
-
SHA256
590279b782c6ad660c2d1aa229215c70a93edc2fa27d1fcb7e19b573d7c14b64
-
SHA512
1f45deece2aa91bb9831543bedfdb7c330c416294adaad009b2df73e5fdeb6f57e87c5b071e29872d402436a12afe665a46dc3cfdbad5e590ab7540ddddd676b
Malware Config
Extracted
guloader
https://firebasestorage.googleapis.com/v0/b/soosme-3cbe1.appspot.com/o/uol_uQbWNhgG61.bin?alt=media&token=c7bb058a-2bcf-4103-b67e-00156c3a01be
Targets
-
-
Target
PST0987321.bat
-
Size
88KB
-
MD5
8975285b48e798c40cb8ec576a84a188
-
SHA1
dfaaa26f8a280774548d6792d3b403bdac8dd35a
-
SHA256
d8fa1f011d7743b7ca0c824e760d6588627b7b8084d5a479f971190ef094561c
-
SHA512
47d2a704081c446915216cef100957881f4be1778c3f2ec1ec5c06f82096c69f60c9bc2b9d32c6ec8ffeddb3c6f56fc1e9cc53590dad9730244fe0c7c1ecf6a7
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Executes dropped EXE
-
Checks QEMU agent state file
Checks state file used by QEMU agent, possibly to detect virtualization.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-