Analysis
max time kernel: 187s
max time network: 192s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-01-2023 16:20
Static task: static1

Behavioral task: behavioral1
Sample: 949b414a9516e4746044c40c3eceb7f74fcedd46455c6797a9b3f79e0d57dcf1.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 949b414a9516e4746044c40c3eceb7f74fcedd46455c6797a9b3f79e0d57dcf1.exe
Resource: win10v2004-20221111-en
General
Target: 949b414a9516e4746044c40c3eceb7f74fcedd46455c6797a9b3f79e0d57dcf1.exe
Size: 96KB
MD5: e58dc1160ff26daddcdc2e8c58d28f34
SHA1: 2f98d5c82ccb9a50ab7d1ba03f5044370499d1d9
SHA256: 949b414a9516e4746044c40c3eceb7f74fcedd46455c6797a9b3f79e0d57dcf1
SHA512: 65018b3311ba25bc00dea6e4a1bffbc97538d06f14a4bf1be0e92031e977e22b9df09c08f17c9a5ce1d43397d2fdc4bc434eb26c6839f2c7e2a2d9f4b7ae6c63
SSDEEP: 1536:Ik/p3GEnxggU4dMYzJg/QmDRYBZ2L3e3UTL1L/tz10p3GEnx:I53YdgF/30wT
Malware Config
Extracted: guloader
http://mtspsmjeli.sch.id/cl/XP_remcos%202021_HzUYr10.bin

Signatures
Guloader, Cloudeye
A shellcode-based downloader first seen in 2020.

Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
pid   process
2216  949b414a9516e4746044c40c3eceb7f74fcedd46455c6797a9b3f79e0d57dcf1.exe