General
-
Target
98be1a60aeeb3e42443c670b0e9f185c07b776e2347b8f4e58f7cc85c12fb3e6
-
Size
100KB
-
Sample
230129-srtdlacb96
-
MD5
b4dbd048b22d8e94490388cae3c59928
-
SHA1
d001c360adec029f459b03cdb7bcad0bcf419814
-
SHA256
98be1a60aeeb3e42443c670b0e9f185c07b776e2347b8f4e58f7cc85c12fb3e6
-
SHA512
496a36a47ad1e58b0433d3d983b9b5225ba31a7ce899f66f41dca732476c7acd32d8482e11c4dec007b9190cb370fbade45dc0a265579ece573d01e45fd0ad6b
-
SSDEEP
1536:1WWTwV4fVhubszPs45N/igfQAIqcc0423pN1lA6XVCiHX:5wVUPhzEWN/NoKj23r1lA6XVCiX
Malware Config
Extracted
guloader
https://cdn.discordapp.com/attachments/807722001241210933/813865812821409822/ePbJss27.bin
Targets
-
-
Target
98be1a60aeeb3e42443c670b0e9f185c07b776e2347b8f4e58f7cc85c12fb3e6
-
Size
100KB
-
MD5
b4dbd048b22d8e94490388cae3c59928
-
SHA1
d001c360adec029f459b03cdb7bcad0bcf419814
-
SHA256
98be1a60aeeb3e42443c670b0e9f185c07b776e2347b8f4e58f7cc85c12fb3e6
-
SHA512
496a36a47ad1e58b0433d3d983b9b5225ba31a7ce899f66f41dca732476c7acd32d8482e11c4dec007b9190cb370fbade45dc0a265579ece573d01e45fd0ad6b
-
SSDEEP
1536:1WWTwV4fVhubszPs45N/igfQAIqcc0423pN1lA6XVCiHX:5wVUPhzEWN/NoKj23r1lA6XVCiX
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-