General
Target: 4b9dd65ba698f3c87ff4526f8486bf5d92d6e84a69a9066783c60a6502fcf9c4
Size: 52KB
Sample: 221125-kcmnhahb3x
MD5: 56d6212310c5ab3edf20f0edaf925b27
SHA1: 2fc6d933ce07d8d14d908554c200925136fd014c
SHA256: 4b9dd65ba698f3c87ff4526f8486bf5d92d6e84a69a9066783c60a6502fcf9c4
SHA512: 52d80436d54d25a5383766755147d5ba8a51d2f3071ae9116b31b5e37e9e700bdffc71d2ae5474ce016988f3d3b79961acbcc03ad04cd6eaf99deb248594187d
SSDEEP: 384:snvKasK0S11V+bv+cmz7xeEXvwhwtvIMXkO4IJqErcGATIKG:snvyKcbv+cmXhfwh0wMXBjYE4GAz
Static task: static1
Behavioral task: behavioral1
Sample: 4b9dd65ba698f3c87ff4526f8486bf5d92d6e84a69a9066783c60a6502fcf9c4.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 4b9dd65ba698f3c87ff4526f8486bf5d92d6e84a69a9066783c60a6502fcf9c4.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: guloader
http://ribbonlogistics.com/js/jquery/public/cagefs/files/bin/9UJYHT.bin
https://www.mastqalander.pk/deal-manager/.well-known/pki-validation/9UJYHT.bin
Targets
Target: 4b9dd65ba698f3c87ff4526f8486bf5d92d6e84a69a9066783c60a6502fcf9c4
Score: 10/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext