Analysis
max time kernel: 74s
max time network: 33s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 29-01-2023 16:20
Static task: static1
Behavioral task: behavioral1
Sample: c394bb5a204c6e25c1a23b3564d84fabf4e42dfde765add1421f77c47d643275.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: c394bb5a204c6e25c1a23b3564d84fabf4e42dfde765add1421f77c47d643275.exe
Resource: win10v2004-20220812-en
General
Target: c394bb5a204c6e25c1a23b3564d84fabf4e42dfde765add1421f77c47d643275.exe
Size: 100KB
MD5: c8c40b010a3853eed35081c3675f5cc9
SHA1: 2422b9359fa3e983816904abcd0d2edcc2e4602c
SHA256: c394bb5a204c6e25c1a23b3564d84fabf4e42dfde765add1421f77c47d643275
SHA512: 8068127f874cf4e549f0268198af2f24b5ad825a2d38b4a6dcdf6d6c0261a2e7f73bd8aeb4915ee0eec31e865f1cecd8bffa2efc98dae3d560e645b157761f4f
SSDEEP: 1536:JM+VffsakR8aXL0qyTkZdcm6DAZc7kb7R5X8:JM4sakRR7pMiqPcZcf
Malware Config
Extracted
Family: guloader
URL: http://185.161.211.58/XP_remcos%202021_HzUYr10.bin
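To turn the extracted indicators into something a responder can run, here is an added example that is not part of the sandbox report: it hunts for the sample hashes and the GuLoader payload URL in a proxy log and a file-hash listing. The indicator values are taken from the report above; the CSV proxy record format (ts,client,method,url,status), the sha256sum-style hash listing and every log line are assumptions constructed for the example. The URL comparison percent-decodes the path, because the report shows the URL with %20 while a proxy may log the decoded form, and requests to the same host with a different path are flagged separately, since the file name is the part most likely to be rotated.

```python
"""Hunt for the GuLoader indicators from the report in constructed logs.

Added example, not part of the sandbox report. The log formats and the
sample records below are assumptions made up for illustration.
"""
import csv
import io
from urllib.parse import unquote, urlsplit

# Indicators copied from the report (sample hashes, extracted payload URL).
IOCS = {
    "md5": "c8c40b010a3853eed35081c3675f5cc9",
    "sha1": "2422b9359fa3e983816904abcd0d2edcc2e4602c",
    "sha256": "c394bb5a204c6e25c1a23b3564d84fabf4e42dfde765add1421f77c47d643275",
    "url": "http://185.161.211.58/XP_remcos%202021_HzUYr10.bin",
}
HASH_IOCS = {IOCS[k].lower() for k in ("md5", "sha1", "sha256")}


def url_key(url: str) -> tuple:
    """Normalise a URL to (lower-cased host, percent-decoded path).

    The report lists the URL encoded ("%20"); a proxy may log it decoded.
    Comparing the decoded path makes both forms match.
    """
    parts = urlsplit(url.strip())
    return (parts.hostname or "").lower(), unquote(parts.path)


PAYLOAD_URL_KEY = url_key(IOCS["url"])
PAYLOAD_HOST = PAYLOAD_URL_KEY[0]


def scan_proxy_csv(text: str) -> list:
    """Return hits from CSV proxy records (assumed: ts,client,method,url,status).

    match == "url"  : exact payload URL (host + decoded path)
    match == "host" : same host, different path (worth a look; the file
                      name is the part most likely to be rotated)
    """
    hits = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 5 or not row[3]:
            continue
        host, path = url_key(row[3])
        if (host, path) == PAYLOAD_URL_KEY:
            kind = "url"
        elif host == PAYLOAD_HOST:
            kind = "host"
        else:
            continue
        hits.append({"client": row[1], "url": row[3], "match": kind})
    return hits


def scan_hash_listing(text: str) -> list:
    """Return hits from sha256sum/md5sum-style lines ("<hex>  <path>")."""
    hits = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, path = parts[0].lower(), parts[1].strip()
        if digest in HASH_IOCS:
            hits.append({"path": path, "hash": digest})
    return hits


# Constructed sample data (not real telemetry). Row 1 is the encoded URL as
# listed in the report, row 3 the decoded form, row 4 a different path on
# the same host, row 2 unrelated traffic.
SAMPLE_PROXY_LOG = """\
1675000100,10.0.0.15,GET,http://185.161.211.58/XP_remcos%202021_HzUYr10.bin,200
1675000101,10.0.0.22,GET,http://example.com/index.html,200
1675000102,10.0.0.15,GET,http://185.161.211.58/XP_remcos 2021_HzUYr10.bin,200
1675000103,10.0.0.31,GET,http://185.161.211.58/other.bin,404
"""

SAMPLE_HASH_LISTING = """\
c394bb5a204c6e25c1a23b3564d84fabf4e42dfde765add1421f77c47d643275  C:/Users/bob/Downloads/invoice.exe
d41d8cd98f00b204e9800998ecf8427e  C:/Users/bob/Downloads/empty.txt
"""

if __name__ == "__main__":
    for hit in scan_proxy_csv(SAMPLE_PROXY_LOG):
        print("proxy", hit)
    for hit in scan_hash_listing(SAMPLE_HASH_LISTING):
        print("file ", hit)
```

Against the constructed data, the two requests from 10.0.0.15 match the payload URL (one encoded, one decoded), the request for other.bin is reported as a host-only match, and the sha256 listing flags invoice.exe as the sample.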
Signatures
Guloader, Cloudeye
A shellcode-based downloader first seen in 2020.
Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
pid 940: c394bb5a204c6e25c1a23b3564d84fabf4e42dfde765add1421f77c47d643275.exe