General
Target: 61410225ef1bc11ee0faca1268d6f79e92909fbb21758e070d146da483efc352
Size: 54KB
Sample: 220730-1lk42ahdh6
MD5: be1f80ff180e87912560986e84c3b544
SHA1: 5390494fcea4ab463fffce99f003d200646ffff4
SHA256: 61410225ef1bc11ee0faca1268d6f79e92909fbb21758e070d146da483efc352
SHA512: 8a5b3605f0d5d0bf13cabf06d93570b23301612edcbe1a3db74b614ca35d985a318d1414f97f412f63ed210e1cb2c21373e1aaee484b59e3e394ce055a3af207

Static task: static1

Behavioral task: behavioral1
Sample: Proforma Invoice.OA.exe
Resource: win7-20220718-en

Behavioral task: behavioral2
Sample: Proforma Invoice.OA.exe
Resource: win10v2004-20220721-en

Malware Config
Extracted: guloader
https://drive.google.com/uc?export=download&id=1uqLetSjGzBGadccK_rcmxM_8-6gUA_Af

Targets
Target: Proforma Invoice.OA.exe
Size: 120KB
MD5: 939ea57906aff547a48f939d7a2d3c10
SHA1: e3f06d100d862fa9bcd621f362de9af804a4fc77
SHA256: 66c906d1b2d174c8ab0b3bae95400b148554c97fb4bfec81f3b545c0d1067e15
SHA512: e4b339d96b95a3b3f35dab922d1f5e40220ebfee19d9bc3d88c7db50237ff9debc959ac2110b139bea998d5d9043309fe6c49f7686f9cf1a5b3a6129cfc73ebf
Score: 10/10

- Guloader payload
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext