General
Target: 3c9004f9be1c84d28820577c1d892bdbf266e1dbff2aa09b1656bd853caf6835
Size: 96KB
Sample: 221125-kbzlnsha81
MD5: 9d869dc52423cc7fd932592c39faa32a
SHA1: cf438cfda84a31bea0e80b807b80bfe1a8749cae
SHA256: 3c9004f9be1c84d28820577c1d892bdbf266e1dbff2aa09b1656bd853caf6835
SHA512: 1a1bee6086edff9cd76d0cc8f32d377b9dba2733b47cee408baff1c5b7ad5bdce2d777a487d51854ed010deba1a7e95cde8bd73895eee41f0cf3c6987a88c9c8
SSDEEP: 768:dg/v9AZqE+Caqi6UfBNhaQId1HyddYzctsCjuZHfMlig:u/AD/Xi6UfBNmVyd4cts1sR
Static task: static1
Behavioral task: behavioral1
  Sample: 3c9004f9be1c84d28820577c1d892bdbf266e1dbff2aa09b1656bd853caf6835.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 3c9004f9be1c84d28820577c1d892bdbf266e1dbff2aa09b1656bd853caf6835.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: guloader
URL: https://bngsmartshop.com/sky_encrypted_408F3F0.bin
Targets
Target: 3c9004f9be1c84d28820577c1d892bdbf266e1dbff2aa09b1656bd853caf6835 (size and hashes identical to the General section above)
Score: 10/10
- Guloader payload
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext