General
-
Target
ed3ed82dd7ed597b90b5546ef3501f2f9b6b5731dde63ee84f3b9eeab8aea34e
-
Size
45KB
-
Sample
220521-xy4v5agabm
-
MD5
663d39d174d4e1e034939da4017b6ee8
-
SHA1
b230e468e708968fba8b33b2ea25ea12de73bc98
-
SHA256
ed3ed82dd7ed597b90b5546ef3501f2f9b6b5731dde63ee84f3b9eeab8aea34e
-
SHA512
5cc3be16c3eff3c617a32dab2600335c874d0846261d0863f3545bc7b4f73b41cf9881ac2a77289db354622a6c97cceefe2033f8c1c7295bb8422ba8d78b764d
Static task
static1
Behavioral task
behavioral1
Sample
SQ0894795.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SQ0894795.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
guloader
https://taleoudine.com/bryt2_xkAWOqihL67.bin
Targets
Target
SQ0894795.exe
-
Size
92KB
-
MD5
174f32e90c9316ecf500e2a8a4965062
-
SHA1
5d682fd001e54ab1bcfaf7266564a3c0cdbbbce7
-
SHA256
7a3acd412036e1f071595f9ee144d45ee7dcc0a6f4fb8c6ed45022ec423e6061
-
SHA512
b1847d9456e3467112628bec12bde4b5559bb5f56541f6879b0b6e2a2305f2e8ef9ceeafb48a7fd469348db0cfddd34b7ca4a3ed2e1f5ae894d79d03d1940664
Score
10/10
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-