Overview

overview

10

Static

static

VAN DE WER...pg.exe

windows7-x64

10

VAN DE WER...pg.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VAN DE WERT - po240975_jpg.exe

  • Size

    445KB

  • Sample

    221222-qjm6hahf5z

  • MD5

    e5fdfc2e819712600c1cf79d4f274022

  • SHA1

    bc947ca0dc25f1ba54ccbe5a14d84f53f22feb9d

  • SHA256

    7c54b7d54c409f3eee45a1ed7e7eee5da5c0577c2fcf974defa989d75a9ef9aa

  • SHA512

    aec8f7481909206169cc7f51b6fb7747e214f237db71ba7ec523a495256179412a17eab91346e9d04b6c622743a4b7693b5bc64a6c3e0ece9f9b4b63c47ddf21

  • SSDEEP

    12288:SzgOyj6Yd/6W48bLL+NVkOb/wZKpYgIgfC:jOyvd/zLLAVkObosW

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      VAN DE WERT - po240975_jpg.exe

    • Size

      445KB

    • MD5

      e5fdfc2e819712600c1cf79d4f274022

    • SHA1

      bc947ca0dc25f1ba54ccbe5a14d84f53f22feb9d

    • SHA256

      7c54b7d54c409f3eee45a1ed7e7eee5da5c0577c2fcf974defa989d75a9ef9aa

    • SHA512

      aec8f7481909206169cc7f51b6fb7747e214f237db71ba7ec523a495256179412a17eab91346e9d04b6c622743a4b7693b5bc64a6c3e0ece9f9b4b63c47ddf21

    • SSDEEP

      12288:SzgOyj6Yd/6W48bLL+NVkOb/wZKpYgIgfC:jOyvd/zLLAVkObosW

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks