General
Target: 4e7405f1c27e723dee7353d2b024c73e46c53872c5d4a031da64dded80b53c34
Size: 72KB
Sample: 221125-kwzr6sac5v
MD5: 2235094ea7814d69ef927b04f5ae99d7
SHA1: 5e7ca91b7e8fa62a4c096a9977715a2b87c1dd20
SHA256: 4e7405f1c27e723dee7353d2b024c73e46c53872c5d4a031da64dded80b53c34
SHA512: 961ba0bfca0785ac227a97648ad33600a27ae1d6b6aec5e9c002e83563d41fdf218a6c1b17c178ddfd395baa6f9ce8c5fed46dd54ad698c390292d3f4367fc88
SSDEEP: 1536:n46tqdJnIllfVDYP1zVb+KEwbPzceENxKVb7qdJnIllfVDYP1:4GcJnInU1zVnCsVncJnInU1
Static task: static1
Behavioral task: behavioral1
Sample: 4e7405f1c27e723dee7353d2b024c73e46c53872c5d4a031da64dded80b53c34.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 4e7405f1c27e723dee7353d2b024c73e46c53872c5d4a031da64dded80b53c34.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: guloader
Config URLs (second-stage download locations):
https://drive.google.com/uc?export=download&id=1ohieY-C4cvZAlE4IeE-oAipqoPYNKBBu
https://filezico.com/stub2020_encrypted_3F4B900.bin
Targets
Target: 4e7405f1c27e723dee7353d2b024c73e46c53872c5d4a031da64dded80b53c34
Size: 72KB
MD5: 2235094ea7814d69ef927b04f5ae99d7
SHA1: 5e7ca91b7e8fa62a4c096a9977715a2b87c1dd20
SHA256: 4e7405f1c27e723dee7353d2b024c73e46c53872c5d4a031da64dded80b53c34
SHA512: 961ba0bfca0785ac227a97648ad33600a27ae1d6b6aec5e9c002e83563d41fdf218a6c1b17c178ddfd395baa6f9ce8c5fed46dd54ad698c390292d3f4367fc88
SSDEEP: 1536:n46tqdJnIllfVDYP1zVb+KEwbPzceENxKVb7qdJnIllfVDYP1:4GcJnInU1zVnCsVncJnInU1
Score: 10/10
Signatures:
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2 (the Google Drive URL in the extracted config)
- Suspicious use of NtSetInformationThreadHideFromDebugger (NtSetInformationThread with ThreadInformationClass 0x11, a common anti-debugging technique)
- Suspicious use of SetThreadContext (commonly paired with a suspended child process for code injection)
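As an added triage example, not part of the sandbox report or the GuLoader sample itself: the Python below classifies the two extracted config URLs above (pulling out the Google Drive file ID as the pivotable indicator) and then runs simple detectors for the three behavioural signatures over an API-call trace. The trace format, process IDs, target path and Run value name are constructed assumptions for illustration, not output captured from this sample; the URLs and the ThreadHideFromDebugger class value (0x11) are not assumptions.

```python
"""Triage helpers for the extracted GuLoader config and the reported signatures.

Added example; the config URLs are copied from the report, the API-call trace
below is constructed for illustration (it is NOT the sandbox's real trace).
"""
import re
from urllib.parse import urlparse, parse_qs

# Extracted GuLoader config (from the report): second-stage download locations.
GULOADER_URLS = [
    "https://drive.google.com/uc?export=download&id=1ohieY-C4cvZAlE4IeE-oAipqoPYNKBBu",
    "https://filezico.com/stub2020_encrypted_3F4B900.bin",
]

# Assumption: a short, illustrative list of legitimate hosting services that are
# commonly abused as payload drops. Extend it for real use.
LEGIT_HOSTING = {"drive.google.com", "docs.google.com", "dropbox.com", "onedrive.live.com"}


def triage_url(url):
    """Classify one config URL and extract the identifier worth pivoting on."""
    p = urlparse(url)
    host = p.hostname or ""
    if host in LEGIT_HOSTING:
        # For Google Drive the stable indicator is the file id, not the full URL.
        file_id = parse_qs(p.query).get("id", [None])[0]
        return {"url": url, "host": host, "kind": "legitimate-hosting-abuse", "file_id": file_id}
    return {"url": url, "host": host, "kind": "unknown-host", "file_id": None}


def triage_config(urls):
    return [triage_url(u) for u in urls]


# Constructed trace. Format (assumption): "<pid>|<api>|<key=value ...>" per line.
SAMPLE_TRACE = r"""
1234|NtSetInformationThread|ThreadHandle=0xfffffffe ThreadInformationClass=0x11
1234|CreateProcessW|ApplicationName=C:\Windows\System32\notepad.exe CreationFlags=0x4 ProcessId=5678
1234|WriteProcessMemory|ProcessId=5678 BaseAddress=0x400000 Size=0x12000
1234|SetThreadContext|ProcessId=5678 ThreadHandle=0x1c8
1234|ResumeThread|ProcessId=5678 ThreadHandle=0x1c8
1234|RegSetValueExW|Key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run Name=Updater
"""

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger
CREATE_SUSPENDED = 0x4            # CreateProcess creation flag
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)


def parse_trace(text):
    """Parse the pipe-separated trace into {pid, api, args} events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, args = line.split("|", 2)
        events.append({"pid": int(pid), "api": api, "args": dict(re.findall(r"(\w+)=(\S+)", args))})
    return events


def detect_hide_from_debugger(events):
    """NtSetInformationThread with class 0x11 detaches the thread from any debugger."""
    return [e for e in events
            if e["api"] == "NtSetInformationThread"
            and int(e["args"].get("ThreadInformationClass", "0"), 16) == THREAD_HIDE_FROM_DEBUGGER]


def detect_thread_context_injection(events):
    """Flag CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext on one target."""
    suspended, written, hits = set(), set(), []
    for e in events:
        a, target = e["args"], e["args"].get("ProcessId")
        if e["api"] == "CreateProcessW" and int(a.get("CreationFlags", "0"), 16) & CREATE_SUSPENDED:
            suspended.add(target)
        elif e["api"] == "WriteProcessMemory" and target in suspended:
            written.add(target)
        elif e["api"] == "SetThreadContext" and target in written:
            hits.append({"source_pid": e["pid"], "target_pid": int(target)})
    return hits


def detect_run_key(events):
    """Any RegSetValueEx* under ...\\CurrentVersion\\Run or RunOnce is a persistence write."""
    return [e for e in events
            if e["api"].startswith("RegSetValueEx") and RUN_KEY_RE.search(e["args"].get("Key", ""))]


def run_signatures(trace_text):
    events = parse_trace(trace_text)
    return {
        "hide_from_debugger": len(detect_hide_from_debugger(events)),
        "set_thread_context_injection": detect_thread_context_injection(events),
        "run_key_writes": [e["args"]["Key"] for e in detect_run_key(events)],
    }


if __name__ == "__main__":
    for entry in triage_config(GULOADER_URLS):
        print(entry)
    print(run_signatures(SAMPLE_TRACE))
```

The injection detector deliberately requires the write into a suspended child before it trusts a SetThreadContext call; SetThreadContext on its own is used legitimately by debuggers and some runtimes, so the ordering is what turns it into a signal.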