General
Target: caad589daa525d04613405455e0304f0197ea33a3aa9e8152a99249dac2f42a4
Size: 132KB
Sample: 230129-1wb9waed82
MD5: dfdbbafef5cf6b3358a099dac867fec6
SHA1: fa970f770679a60d0eea9f7e834414335a547721
SHA256: caad589daa525d04613405455e0304f0197ea33a3aa9e8152a99249dac2f42a4
SHA512: 5f248feb2c07bd8041d54d620219ef807cdbaa296d657b73063ec38093588049cc12f190164433a9c3be7278b63e5cb224f2e173117426b52c61a004df362b30
SSDEEP: 1536:AZHtnIRYS5/Cac/Lo58OT4o/jbkZGcEXH+zX6JaB4a1L73rGUn2MEz:Ph6g8CRTHSNB4a137GU2X
Static task: static1
Behavioral task: behavioral1
Sample: caad589daa525d04613405455e0304f0197ea33a3aa9e8152a99249dac2f42a4.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: caad589daa525d04613405455e0304f0197ea33a3aa9e8152a99249dac2f42a4.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: guloader
https://drive.google.com/uc?export=download&id=1-HLxBTGgDQAJoi4W7itkL8n6nA0XOFJK
Targets
Target: caad589daa525d04613405455e0304f0197ea33a3aa9e8152a99249dac2f42a4
Size: 132KB
MD5: dfdbbafef5cf6b3358a099dac867fec6
SHA1: fa970f770679a60d0eea9f7e834414335a547721
SHA256: caad589daa525d04613405455e0304f0197ea33a3aa9e8152a99249dac2f42a4
SHA512: 5f248feb2c07bd8041d54d620219ef807cdbaa296d657b73063ec38093588049cc12f190164433a9c3be7278b63e5cb224f2e173117426b52c61a004df362b30
SSDEEP: 1536:AZHtnIRYS5/Cac/Lo58OT4o/jbkZGcEXH+zX6JaB4a1L73rGUn2MEz:Ph6g8CRTHSNB4a137GU2X
Score: 10/10
- Guloader payload
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext