General

Target: 51aec932db01fc08aec8d681c44129d3850bb8a60dfe4632a28eda582123325c
Size: 63KB
Sample: 220718-qqqj7sdhhp
MD5: 0b63fa4f141229a6450a7ad8b5709d8d
SHA1: 6e042486716a1e5029e7c84733e070d008e34bb6
SHA256: 51aec932db01fc08aec8d681c44129d3850bb8a60dfe4632a28eda582123325c
SHA512: 534c59de24e8ffbf4e92452d99036f34c51c385dba7b2af2ff9024db7cbaeed7ef16f27d2b9e35f504ffbea13cde60ea0495a5815ec75496496c3fc3bddbedd6
Behavioral tasks

behavioral1
  Sample: SOA.exe
  Resource: win7-20220414-en

behavioral2
  Sample: SOA.exe
  Resource: win10v2004-20220718-en
Malware Config

Extracted: guloader
  URL: https://drive.google.com/uc?export=download&id=1fnZYdfwUJYzHFLrXgG7wIq6WxcijjIHV
Targets

Target: SOA.exe
Size: 188KB
MD5: 513180affbaff85bb0fc7cfda975eed0
SHA1: 2c2a6467f735c400cd6d6b7bd134c88170b53c64
SHA256: 05804946495c374598d2e32fe407b86a8668fb67b28591953ee320e3b71d63c3
SHA512: 88c0e48c17ee5f0e15d0047934e5f4dc845dadf56bbd4304e8dfe8283c1e6f52282c4a602da872abc5bc769c6c569d5d1755d331c7e396ee742f1b81ab003675
Score: 10/10

- Guloader payload
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
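Before acting on a report like this one, confirm that the file you hold is the same object the sandbox analysed, and pull the Google Drive file id out of the extracted URL so it can be blocked or searched on regardless of query-string order. The script below is an added example, not part of the sandbox report or of any vendor tooling: the hash strings and the drive.google.com URL are copied from the report, while SAMPLE is a constructed stand-in (the real SOA.exe is not reproduced here), so the hash comparison against the report is expected to fail for it.

```python
"""Check a local file against the hashes published in a sandbox report.

Added example; not part of the report. Hash values are copied from the
report's SOA.exe entry, SAMPLE is a constructed stand-in for the file under
test, and PAYLOAD_URL is the URL listed under "Malware Config".
"""
import hashlib
from typing import Dict, Optional
from urllib.parse import parse_qs, urlparse

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Copied from the report's Targets block for SOA.exe.
REPORT_HASHES: Dict[str, str] = {
    "md5": "513180affbaff85bb0fc7cfda975eed0",
    "sha1": "2c2a6467f735c400cd6d6b7bd134c88170b53c64",
    "sha256": "05804946495c374598d2e32fe407b86a8668fb67b28591953ee320e3b71d63c3",
    "sha512": (
        "88c0e48c17ee5f0e15d0047934e5f4dc845dadf56bbd4304e8dfe8283c1e6f52"
        "282c4a602da872abc5bc769c6c569d5d1755d331c7e396ee742f1b81ab003675"
    ),
}

# Constructed placeholder bytes; NOT the real SOA.exe.
SAMPLE = b"MZ" + b"\x00" * 62 + b"constructed placeholder, not the real sample"

# Copied from the report's extracted guloader config.
PAYLOAD_URL = "https://drive.google.com/uc?export=download&id=1fnZYdfwUJYzHFLrXgG7wIq6WxcijjIHV"


def digest_all(data: bytes) -> Dict[str, str]:
    """Compute every digest the report publishes in a single pass over the data."""
    hashers = {algo: hashlib.new(algo) for algo in ALGORITHMS}
    for h in hashers.values():
        h.update(data)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare_to_report(data: bytes, report: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result; report values are normalised to lowercase hex."""
    computed = digest_all(data)
    return {
        algo: computed[algo] == expected.strip().lower()
        for algo, expected in report.items()
        if algo in computed
    }


def is_same_sample(data: bytes, report: Dict[str, str]) -> bool:
    """True only when every published digest matches.

    A split result (some algorithms match, others do not) means either the
    report was mis-transcribed or the file differs; treat it as a mismatch
    instead of trusting whichever hash happened to agree.
    """
    results = compare_to_report(data, report)
    return bool(results) and all(results.values())


def drive_file_id(url: str) -> Optional[str]:
    """Return the Google Drive file id from a uc?export=download URL, or None
    if the URL is not an https drive.google.com link carrying exactly one id."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.hostname != "drive.google.com":
        return None
    ids = parse_qs(parts.query).get("id", [])
    return ids[0] if len(ids) == 1 and ids[0] else None


if __name__ == "__main__":
    for algo, ok in compare_to_report(SAMPLE, REPORT_HASHES).items():
        print(f"{algo:>6}: {'match' if ok else 'MISMATCH'}")
    print("same sample:", is_same_sample(SAMPLE, REPORT_HASHES))
    print("drive id   :", drive_file_id(PAYLOAD_URL))
```

Replace SAMPLE with the bytes of the file you actually hold (for example `open(path, "rb").read()`); only when all four digests agree should the report's verdict and signatures be taken as describing that file.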