General

Target: 3accd14e8e0904a392b11b16572cd5d2db290f73cf4494531072408e0e8315f3
Size: 68KB
Sample: 220703-xffetaefe8
MD5: 6638bc78f2982b626882ef0a8f2691ad
SHA1: cfe9f9a48ff33b1cbbb98bd11912a9d02812ac3b
SHA256: 3accd14e8e0904a392b11b16572cd5d2db290f73cf4494531072408e0e8315f3
SHA512: 260c9c42465122adf87ae9af3723ec922f9badeb9a12e4211c4221be40dd39e492e9efef96eca3dc47198ca9b97be12086ae79cc283479bf365dcecff2a4dfe8

Static task: static1

Behavioral task: behavioral1
Sample: 3accd14e8e0904a392b11b16572cd5d2db290f73cf4494531072408e0e8315f3.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 3accd14e8e0904a392b11b16572cd5d2db290f73cf4494531072408e0e8315f3.exe
Resource: win10v2004-20220414-en

Malware Config

Extracted family: guloader
Payload URL: https://drive.google.com/uc?export=download&id=1UPSdmz5-CbjEG0swZp8Jimwt4JW5ee8e
Targets

Target: 3accd14e8e0904a392b11b16572cd5d2db290f73cf4494531072408e0e8315f3
Score: 10/10

Signatures:
- Guloader Payload
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext