General
-
Target
1c7021977bfa2a35b79e059a0937ced628d50b79b8940e70e0505f13b381a4bf
-
Size
80KB
-
Sample
220707-ylfs7shfhn
-
MD5
698482b9819bcf8973fba7e0deaf862e
-
SHA1
023a888790843bd788483da56b0422981dd4e826
-
SHA256
1c7021977bfa2a35b79e059a0937ced628d50b79b8940e70e0505f13b381a4bf
-
SHA512
10cd41330d30903cae38b21cf46e7ae4aea5bc694effe28df78799912f11009b08c48bed9855a016d256cc0080a99c8bdc03f95afa25c2d1872914f4f7675d7d
Static task
static1
Behavioral task
behavioral1
Sample
1c7021977bfa2a35b79e059a0937ced628d50b79b8940e70e0505f13b381a4bf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1c7021977bfa2a35b79e059a0937ced628d50b79b8940e70e0505f13b381a4bf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
guloader
https://drive.google.com/uc?export=download&id=1uIC_VY6SuPUt6vF_2WvqGhzus4onPU4o
Targets
-
-
Target
1c7021977bfa2a35b79e059a0937ced628d50b79b8940e70e0505f13b381a4bf
-
Size
80KB
-
MD5
698482b9819bcf8973fba7e0deaf862e
-
SHA1
023a888790843bd788483da56b0422981dd4e826
-
SHA256
1c7021977bfa2a35b79e059a0937ced628d50b79b8940e70e0505f13b381a4bf
-
SHA512
10cd41330d30903cae38b21cf46e7ae4aea5bc694effe28df78799912f11009b08c48bed9855a016d256cc0080a99c8bdc03f95afa25c2d1872914f4f7675d7d
Score10/10-
Guloader payload
-
Checks QEMU agent state file
Checks state file used by QEMU agent, possibly to detect virtualization.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-