General
Target: 23397adcd06190cdab44c5da6774177044f4019685d013fb458a3aadbb26b049
Size: 18KB
Sample: 220701-r624lsgghl
MD5: 0c85bef45d7f941583441722b9b8736b
SHA1: 39f21786caf4fe651f7d3f0a3e8ca2f6315068ee
SHA256: 23397adcd06190cdab44c5da6774177044f4019685d013fb458a3aadbb26b049
SHA512: 14e5ee06acca8a5a6424fee2d0ebe7776b6aa474b8eca5db2581a499ecd1c987c0decca2ac2b9d08645d55d3e07d27cac69f4e18ef159c8be2aa6147865739ae
Static task: static1
Behavioral task: behavioral1
  Sample: TNT Original Invoice.scr
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: TNT Original Invoice.scr
  Resource: win10v2004-20220414-en
Malware Config
Extracted: guloader
URL: https://drive.google.com/uc?export=download&id=1Xu-EBHrFFCps27uSuZn8x9gpuvb2NinM
Targets
Target: TNT Original Invoice.scr
Size: 56KB
MD5: 225f9b295408d8e092a508ee31bb8888
SHA1: 6bb0189a2b0b47d9543f9677c00777560970d3b2
SHA256: 48d2c69c57d3408576c61445c567193bafaf5cdeedc0b5132f0493d7d0630db8
SHA512: 616539164e4a647bc06b4185ca4fec838dbf83458fb7b13c1093dc466a28b3f5aa6aa99941456c051e015e8e7bf6c055e3bbcba0717daf2435925d5c43cdfa17
Score: 10/10
- Guloader Payload
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext