General

Target: 948d025ac7e38d02364a7e41ed0d8294965c724e3981a05b05aafd49f068d127
Size: 84KB
Sample: 220701-rpg24shec5
MD5: 0cf8b3763263114cb1ea854e3cfd4d31
SHA1: eebfeb10a0f0560968d6caa610c3ab15e35cb305
SHA256: 948d025ac7e38d02364a7e41ed0d8294965c724e3981a05b05aafd49f068d127
SHA512: be2aa934190ca684aa64e37417dc6b3f156417b454168713e172416733b93e72e684d6898eead1c0f0f8e7cc2fcb891124544623b6a5bbd7c1c8596d7e9ea03f

Static task: static1

Behavioral task: behavioral1
Sample: 948d025ac7e38d02364a7e41ed0d8294965c724e3981a05b05aafd49f068d127.msi
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 948d025ac7e38d02364a7e41ed0d8294965c724e3981a05b05aafd49f068d127.msi
Resource: win10v2004-20220414-en

Malware Config

Family: guloader
URL: http://cermiamakmur.com/ii/11feb_encrypted_B16478F.bin
GuLoader retrieves its encrypted second-stage payload from a URL embedded in the loader; this is the address extracted from the sample, and the blob it points to is decrypted in memory only after download, so the .bin itself is not directly executable.

Targets

Target: 948d025ac7e38d02364a7e41ed0d8294965c724e3981a05b05aafd49f068d127
Score: 10/10

Signatures
- GuLoader payload
- Executes dropped EXE
- Adds Run key to start application (persistence via the Windows Run registry key)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: the ThreadHideFromDebugger information class stops a debugger from receiving events for the calling thread)
- Suspicious use of SetThreadContext (rewriting another thread's context, the step used by process hollowing and similar injection techniques to redirect execution)
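The behavioral signatures above are the kind of rule a sandbox applies to an API-call trace. The following is an added example, not part of this report and not the sandbox's own rule engine: a small Python matcher that implements five of those signatures over a trace. The trace format ("<caller pid> <api>(<name>=<value>, ...)"), the target_pid argument on cross-process calls, and every line of SAMPLE_TRACE are constructed for this example and do not come from a real run of this sample. "GuLoader payload" is left out because it is a static/config match on the binary, not an API behavior. The checks are: a CreateProcess of a file the same trace shows the sample writing (executes dropped EXE); RegSetValueEx on a ...\CurrentVersion\Run key; any drive-root access whose letter is not C:; NtSetInformationThread with ThreadInformationClass 0x11 (ThreadHideFromDebugger); and SetThreadContext on a thread in a different process.

```python
import re
from collections import defaultdict

# Signature names as they appear in the report above.
SIG_DROPPED_EXE = "Executes dropped EXE"
SIG_RUN_KEY = "Adds Run key to start application"
SIG_DRIVES = "Enumerates connected drives"
SIG_HIDE_THREAD = "Suspicious use of NtSetInformationThreadHideFromDebugger"
SIG_THREAD_CTX = "Suspicious use of SetThreadContext"

THREAD_HIDE_FROM_DEBUGGER = 0x11  # ThreadInformationClass value (17) that hides a thread from debuggers

# Assumed (constructed) trace format: "<caller pid> <api>(<name>=<value>, ...)", one call per line.
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
DRIVE_RE = re.compile(r"^([A-Za-z]):\\")

# Constructed sample trace for this example; not output of any real sandbox run.
# dwCreationFlags=0x4 is CREATE_SUSPENDED, the usual prelude to hollowing.
SAMPLE_TRACE = r"""
1234 NtSetInformationThread(ThreadHandle=0x1c, ThreadInformationClass=0x11)
1234 CreateFileW(lpFileName=C:\Users\user\AppData\Local\Temp\dropped.exe, dwDesiredAccess=GENERIC_WRITE)
1234 CreateProcessW(lpApplicationName=C:\Users\user\AppData\Local\Temp\dropped.exe, dwCreationFlags=0x4)
1234 WriteProcessMemory(hProcess=0x2a, target_pid=4321, lpBaseAddress=0x400000)
1234 SetThreadContext(hThread=0x30, target_pid=4321)
1234 ResumeThread(hThread=0x30)
4321 RegSetValueExW(hKey=HKCU\Software\Microsoft\Windows\CurrentVersion\Run, lpValueName=Update, lpData=C:\Users\user\AppData\Local\Temp\dropped.exe)
4321 GetLogicalDrives()
4321 GetDriveTypeW(lpRootPathName=C:\)
4321 GetDriveTypeW(lpRootPathName=D:\)
4321 FindFirstFileW(lpFileName=E:\*)
"""


def parse_call(line):
    """Parse one trace line into {'pid', 'api', 'args', 'raw'}; None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = {}
    for kv in filter(None, m["args"].split(", ")):
        key, _, value = kv.partition("=")
        args[key] = value
    return {"pid": int(m["pid"]), "api": m["api"], "args": args, "raw": line.strip()}


def match_signatures(trace_text):
    """Return {signature name: [matching trace lines]} for the report's behavioral signatures."""
    hits = defaultdict(list)
    written = set()  # files the sample wrote itself, i.e. its dropped files
    for call in filter(None, map(parse_call, trace_text.splitlines())):
        api, args, pid, raw = call["api"], call["args"], call["pid"], call["raw"]
        if api in ("CreateFileW", "CreateFileA") and "GENERIC_WRITE" in args.get("dwDesiredAccess", ""):
            written.add(args.get("lpFileName", "").lower())
        elif api in ("CreateProcessW", "CreateProcessA"):
            # Executes dropped EXE: the new process image is a file the sample wrote earlier.
            image = (args.get("lpApplicationName") or args.get("lpCommandLine") or "").lower()
            if image.endswith(".exe") and image in written:
                hits[SIG_DROPPED_EXE].append(raw)
        elif api == "NtSetInformationThread":
            # Anti-debugging: ThreadHideFromDebugger stops the debugger receiving events for this thread.
            if int(args.get("ThreadInformationClass", "0"), 0) == THREAD_HIDE_FROM_DEBUGGER:
                hits[SIG_HIDE_THREAD].append(raw)
        elif api == "SetThreadContext":
            # Rewriting a thread context in another process is the classic hollowing/injection step.
            target = args.get("target_pid")
            if target is not None and target != str(pid):
                hits[SIG_THREAD_CTX].append(raw)
        elif api.startswith("RegSetValueEx") and RUN_KEY_RE.search(args.get("hKey", "")):
            hits[SIG_RUN_KEY].append(raw)
        elif api in ("GetDriveTypeW", "GetDriveTypeA", "FindFirstFileW", "FindFirstFileA"):
            # Enumerates connected drives: touching the root of any drive other than C:.
            path = args.get("lpRootPathName") or args.get("lpFileName") or ""
            drive = DRIVE_RE.match(path)
            if drive and drive.group(1).upper() != "C":
                hits[SIG_DRIVES].append(raw)
    return dict(hits)


if __name__ == "__main__":
    for name, lines in match_signatures(SAMPLE_TRACE).items():
        print(f"{name} ({len(lines)} call(s))")
        for raw in lines:
            print("   ", raw)
```

Running the block prints each triggered signature with the trace lines that fired it; on SAMPLE_TRACE all five fire, and the drive rule fires twice (D: and E:) while the C: probe is ignored. Two design choices matter for false positives: the dropped-EXE rule only counts images the same trace shows being written, rather than any .exe under a temp directory, and the SetThreadContext rule requires a different target process, since a program legitimately sets the context of its own threads.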