General
-
Target
559103bb7792055adf5d5c093a7813d6d8418f35f4b4c0a81e68486e034f9c2d
-
Size
16KB
-
Sample
220701-sahwjahaeq
-
MD5
b4def7fbba51dd82d44b8093d14a48d8
-
SHA1
8774b24f34799c07e396232be1321f0f81dbd2e1
-
SHA256
559103bb7792055adf5d5c093a7813d6d8418f35f4b4c0a81e68486e034f9c2d
-
SHA512
d1e3e53f8306a655437d104734d2a32d5feb3ca0ba80a79080071bd15af164a7d7aec3d7333b325d92421fa539e1773bb61f012dc994bf397b443456d35440ee
Static task
static1
Behavioral task
behavioral1
Sample
PO_#20202602.scr
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO_#20202602.scr
Resource
win10v2004-20220414-en
Malware Config
Extracted
guloader
https://drive.google.com/uc?export=download&id=1gKqCSICYGIrZRanQX1uIQYJBckKa2fUb
Targets
-
-
Target
PO_#20202602.scr
-
Size
48KB
-
MD5
45439e2dfdd3b1f54b4952a46b487fa4
-
SHA1
d8becaffacaf238a8abe233bff210963d0d36e1e
-
SHA256
bac78784a96599a619b48b9998c449d213cd113bda215a0b6fe11e358e336785
-
SHA512
38532b48e6e71907fbd569e4e3ee71322f019368efa1db89f39f9a7b0dd5440859c9b824f6d2f0bda4c7c63ea95547f003c3db3fd571b41ffd75fdf07ea225bf
Score10/10-
Guloader Payload
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-