General
Target: 8136f8c683cdfebb012eb0d0130125689beacd54d79937536d20cba9ea7c567d
Size: 16KB
Sample: 220701-sfnc7sahg8
MD5: 2dbe076c891291faa5bacd38188465d3
SHA1: a71b1dcbbc156089d0b105e358fa9bea9438723e
SHA256: 8136f8c683cdfebb012eb0d0130125689beacd54d79937536d20cba9ea7c567d
SHA512: 9f899ffcd978e7eac8f77b1a5808002ea9dca038e5d77d2386887bc730b218a441f4437976eaeace0c904e778587519b8b00853bf5a5df600b92b8026ac641b3
Static task: static1
Behavioral task: behavioral1
  Sample: TNT Original Invoice.scr
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: TNT Original Invoice.scr
  Resource: win10v2004-20220414-en
Malware Config
Extracted: guloader
https://drive.google.com/uc?export=download&id=1gKqCSICYGIrZRanQX1uIQYJBckKa2fUb
Targets
Target: TNT Original Invoice.scr
Size: 48KB
MD5: 45439e2dfdd3b1f54b4952a46b487fa4
SHA1: d8becaffacaf238a8abe233bff210963d0d36e1e
SHA256: bac78784a96599a619b48b9998c449d213cd113bda215a0b6fe11e358e336785
SHA512: 38532b48e6e71907fbd569e4e3ee71322f019368efa1db89f39f9a7b0dd5440859c9b824f6d2f0bda4c7c63ea95547f003c3db3fd571b41ffd75fdf07ea225bf
Score: 10/10
Signatures:
- Guloader Payload
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext