General
Target: d096adaf4e51ae9bc61a1e5b677faf764ae1dd34459c1c3ed88bdf98244766b1
Size: 19KB
Sample: 220521-xzgrzsgack
MD5: 216738d31fa526ec3de812fc2c336e9d
SHA1: 56d39e2e8c4855754d6d4ed85c185fa72d97330b
SHA256: d096adaf4e51ae9bc61a1e5b677faf764ae1dd34459c1c3ed88bdf98244766b1
SHA512: 5e09eb6cc1ffa8e3533e82b1f28b5effb680348b8cce797e579ebada2b73b11db13f36be59ebeb8f47dcd2411fc8ec3692634f709104f8ed91fe79f44817e51f
Static task: static1
Behavioral task: behavioral1
Sample: QUOTATION REQUEST FROM EUROSTAR.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: QUOTATION REQUEST FROM EUROSTAR.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
guloader
http://beheshtsoft.com/order/tuned_OvgPrj61.bin
Targets
Target: QUOTATION REQUEST FROM EUROSTAR.exe
Size: 80KB
MD5: 788707adc4c4be37151838bdc4233623
SHA1: 56c441b5c7c080c9663ff695691609e5aaa538d6
SHA256: 472a4d21f664dbdb78739e9847cda51b6bb6d1a296307fff8a3991d5543056b3
SHA512: b9560075528db153b82517b75bba86c108d70d34b9af7b4457f0368e0cd429c1d741eb50dee828656b86316f5e16d5cd9ee029ca267379e3bfef78925a215a2d
Score: 10/10
Checks QEMU agent state file
Checks state file used by QEMU agent, possibly to detect virtualization.
Suspicious use of NtSetInformationThreadHideFromDebugger