General

Target: 7a38a88227a31acef6f3130d11535b644a60b21900901e365c76c09e7df48488
Size: 22KB
Sample: 220701-r79j3sghen
MD5: 7363c80fe618895d0fa8e7b62d8a51a3
SHA1: 557a42dbec82e223f4bdc2e9a2bb8310d855eee4
SHA256: 7a38a88227a31acef6f3130d11535b644a60b21900901e365c76c09e7df48488
SHA512: 4f804b26d4520bcd98dbe7ae48d248c2b96b9a5b1d13f2ff467ab41d0ebce5bfbcbf1a46a8fdfbf8a4fd4e4c05b221bbaf923babf811e90d64d0addd20783be3

Tasks

Static task: static1
Behavioral task: behavioral1 (Sample: PO79024.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: PO79024.exe, Resource: win10v2004-20220414-en)

Malware Config

Extracted: guloader
Payload URL: https://drive.google.com/uc?export=download&id=1LnoRNotpNCWFQS8vXYufgQtJ8WVULDEd

Targets

Target: PO79024.exe
Size: 68KB
MD5: 7a26334fd827738fb207b6757f49e85d
SHA1: aaef081824a2a0e4cb193e7a8a5d45aa2ac1463c
SHA256: fe29dfd5cbc6b588ef00f19b48463a0fe9e56416e087a2615d59edb393c027d4
SHA512: d4330089d1e2844e15ce14bb341643f69a2d7e06a64dbb00e17892fca517ea193435a8fb68062073daf5e59f4cdfa8799e9b664ae8c3a4169b018c87acae2a8f
Score: 10/10

Signatures

Guloader Payload
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext