General
-
Target
Startsym1.exe
-
Size
48KB
-
Sample
221025-vgt89adcdp
-
MD5
1ae080b109bc5ab7cfd42e5d02b12437
-
SHA1
0e48b88e2a79cc437bfd4934064e2779da9940b8
-
SHA256
bfa5dba46db1253587058b0392c04c8403846fa55d7dcf1044e94e6a654d4715
-
SHA512
61f080e620572e4f131c8a931aef775be6c384ae4ff1f843dba30c0f5a399e95e0c23279f8c87cf5da152bda23593133aac030fdc886db29ce9021f77bd3c75a
-
SSDEEP
384:zqHMmP96PzXflkuAL0OzZOxcejrjTxEABlayQo2HJT4C5+N0ps9o7lBE6:zqHMml8vlkuALR4abfHSCRSMlO
Behavioral task
behavioral1
Sample
Startsym1.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Startsym1.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
guloader
https://drive.google.com/uc?export=download&id=1THD-itP7iOm05w_6SQSb-C3tgd3cLMzO
Targets
-
-
Target
Startsym1.exe
-
Size
48KB
-
MD5
1ae080b109bc5ab7cfd42e5d02b12437
-
SHA1
0e48b88e2a79cc437bfd4934064e2779da9940b8
-
SHA256
bfa5dba46db1253587058b0392c04c8403846fa55d7dcf1044e94e6a654d4715
-
SHA512
61f080e620572e4f131c8a931aef775be6c384ae4ff1f843dba30c0f5a399e95e0c23279f8c87cf5da152bda23593133aac030fdc886db29ce9021f77bd3c75a
-
SSDEEP
384:zqHMmP96PzXflkuAL0OzZOxcejrjTxEABlayQo2HJT4C5+N0ps9o7lBE6:zqHMml8vlkuALR4abfHSCRSMlO
Score10/10-
Guloader payload
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-