General
Target: e77f27cba91b5f2d3debf179b6044278bfe9c5e313ce2edf307eff35d65318ff
Size: 260KB
Sample: 220701-sgp87ahdej
MD5: f2be0ce4ed197a6f9da3ced65454de32
SHA1: e827d31644367b43cf0757c241b686394d1cd95c
SHA256: e77f27cba91b5f2d3debf179b6044278bfe9c5e313ce2edf307eff35d65318ff
SHA512: 4cdf0691d7a756e5320ab0b84e670db187d05e159e1ba2fa28d4a3056436c98cb5ecd20c65f83ea126cd0fbc07c45b7cd925ba135dd00ed47637450728867bc8
Static task: static1
Behavioral task: behavioral1
  Sample: 7104630_Payment_Confirmation.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 7104630_Payment_Confirmation.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: guloader
  https://dumontec.com.br/i/mayomo_QZmPm112.bin
Targets
Target: 7104630_Payment_Confirmation.exe
Size: 200KB
MD5: dae415c9cea869e7a59673fb2e92075b
SHA1: bdee9c4cc0a6ef3731a7dfcf5c43508af4651b96
SHA256: b920d1987e381d9b0944672e76d927fc6e1dc90173990aa1143a1029da87d9f5
SHA512: 58fae66998084eaf04a889d1bd3968f72635a66ea49e1043a9c37b9c3647151eecb66194c3b94a6b4fb4b100286791f36f61c8f11a1281f4a823cefd4ceaa458
Score: 10/10
- Guloader Payload
- Checks QEMU agent state file
  Checks state file used by QEMU agent, possibly to detect virtualization.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext