General
Target: a8e4b2993ebac406c7945e801e7da09e94393b8ee4a52114e4b40255a8c2a737
Size: 65KB
Sample: 221108-t4rwzagac4
MD5: dc2c21650524c890e37d17ff2c536d75
SHA1: 473a4048017fb3b7f5a3260d8fc06688230309ef
SHA256: a8e4b2993ebac406c7945e801e7da09e94393b8ee4a52114e4b40255a8c2a737
SHA512: f8e84839b220317f7fdf2cd677afcf65729cafe196761d9462c502c13c7cc16615d7406de0280f536f0e07821fa6115d9369b08aa13d95b376f1d66420eb027c
SSDEEP: 1536:Rxw3jH3cXrI0K/7qNgpwSQSeX585NMfRx11:Y3jH3cbI0cqSpaNwKJ
Static task: static1

Behavioral task: behavioral1
Sample: RE Proforma Invoice.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: RE Proforma Invoice.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: guloader
http://pashupatiexports.com/chimaoriginrawfile_hbsqQD194.bin
Targets
Target: RE Proforma Invoice.exe
Size: 188KB
MD5: 928ac4fab89fcbe9d9b37a65b549a9d2
SHA1: daf561981c38dba10440e48660bc55c3d57690dc
SHA256: aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7
SHA512: 2f3b95f61253e558b73b7dfec9490eaf8f930ee442b62cdfe88a611657673b90ea9698ab40299ef44b1bab0efe2209712f3471b80726196475e2e538c426dc51
SSDEEP: 1536:uPjOV8I1obdncfAyshYt6ZYLgWdzFPO0gMrJteE/1+3uUnpgyQFLRMCvN4OekMfE:WNg4jb4kqKMZjosBhjDeu90Frof0yB
Score: 10/10
- Guloader payload
- Checks QEMU agent state file: checks the state file used by the QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger