General
-
Target
C3BBDDB6CEBD8672A4FA8B7B8BA20A1E.fil
-
Size
456KB
-
Sample
221230-ytbt8agd87
-
MD5
c3bbddb6cebd8672a4fa8b7b8ba20a1e
-
SHA1
4dae188eb28413a1f8b21e22761cd1d65260a495
-
SHA256
309ec4a383a2322d4d5bf95da7efed35f43b4957b5f5255003d93019dd10ba70
-
SHA512
9e6212501f9a4a23dd5f6972ed837c91bb61affcf4ce4fa710f558c9cc1db4618ea10613fc6da4d2f66fd1801e39adc7a9db942a2775b24df412ecedca113e1c
-
SSDEEP
12288:q2d0rASyHEXQ+ex/NeG7t1utf5P7kYiHG:qoSyUy/YwrG
Malware Config
Targets
-
-
Target
C3BBDDB6CEBD8672A4FA8B7B8BA20A1E.fil
-
Size
456KB
-
MD5
c3bbddb6cebd8672a4fa8b7b8ba20a1e
-
SHA1
4dae188eb28413a1f8b21e22761cd1d65260a495
-
SHA256
309ec4a383a2322d4d5bf95da7efed35f43b4957b5f5255003d93019dd10ba70
-
SHA512
9e6212501f9a4a23dd5f6972ed837c91bb61affcf4ce4fa710f558c9cc1db4618ea10613fc6da4d2f66fd1801e39adc7a9db942a2775b24df412ecedca113e1c
-
SSDEEP
12288:q2d0rASyHEXQ+ex/NeG7t1utf5P7kYiHG:qoSyUy/YwrG
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-