General
Target
b36007e8275a822141b6dabf8cfba95a3833e5cd1cc4d8be6b61ad5ba32f065a
Size
504KB
Sample
220521-xcts2aegbr
MD5
b5bb2f95993a05e4fb8fb3aaa2a6b8d4
SHA1
233c1529d7093eec5517a79eed37d66500bb813e
SHA256
b36007e8275a822141b6dabf8cfba95a3833e5cd1cc4d8be6b61ad5ba32f065a
SHA512
4772ef2e533f8d4988851206881d56bea91671f1e5b10225ae9175d5c52257821ed8eb4a0fa9f364aa30be6800d463d3f2a8e28c0baf43bd3fa3986f2577237e
Static task
static1
Behavioral task
behavioral1
Sample
25131_Payment_Confirmation.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
25131_Payment_Confirmation.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
guloader
https://www.bodyhealthbrasil.com/bc/mayomo_RGwvy106.bin
Targets
Target
25131_Payment_Confirmation.exe
Size
444KB
MD5
96c31f972f7dff2632aeb270268c2011
SHA1
20ba389bdd0cf117c64b20e8486f1158959654bc
SHA256
fbae0ff635e7b7cb7646fded915f70803f4c564348b77bf2c6d9809c4353e9a6
SHA512
70bb0a1ecc107302fe99047d5012de43cf66dec7011726bf03056eae25f5b2589cdeaca06bc1b7aa20ba9aa442bba20c5db1a61068025e80c38c73b0f6e679fd
Score 10/10
Guloader Payload
Checks QEMU agent state file
Checks state file used by QEMU agent, possibly to detect virtualization.
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext