General
Target: 6496d2ad7f1d051893d931981e0c23f1d4b5ad0e25bf437531285579b017f616
Size: 448KB
Sample: 230129-tx6rjsdf59
MD5: c976d86401ff3f21e368ba31d3db2a87
SHA1: 52c84b3a15e4599eed6d050251b7f7d1eaf638c0
SHA256: 6496d2ad7f1d051893d931981e0c23f1d4b5ad0e25bf437531285579b017f616
SHA512: c53130165d6604685524bb8e1096ea164ecbf5f862162e425a57407c9efa3f1f72418aef06e90a6d7f94ce5fec272088a59e73b28563f7aa1be5f91f10a89f7e
SSDEEP: 1536:1bLxrsEdHVRHi4e2NVgt4J2RHzDkJUJ/su+3wAvtikWmBaHHGc:9LXri323gAQHzBw3wYtikWmBaHHGc
Static task: static1
Behavioral task: behavioral1
Sample: 6496d2ad7f1d051893d931981e0c23f1d4b5ad0e25bf437531285579b017f616.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 6496d2ad7f1d051893d931981e0c23f1d4b5ad0e25bf437531285579b017f616.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: guloader
URL (payload download location recovered by the guloader config extractor): https://drive.google.com/uc?export=download&id=1B-xB0IiGnXbaMb5bFkqePufSw54eWuCO
Targets
Target: 6496d2ad7f1d051893d931981e0c23f1d4b5ad0e25bf437531285579b017f616
Size: 448KB
Score: 10/10
Signatures:
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization (anti-analysis).
- Adds Run key to start application: persistence via a registry Run key.
- Legitimate hosting services abused for malware hosting/C2: the extracted payload URL points at Google Drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger: ThreadHideFromDebugger hides the calling thread from an attached debugger (anti-debug).
- Suspicious use of SetThreadContext: commonly used to redirect a thread into injected code (process injection/hollowing).
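The report above yields a handful of indicators (the sample hashes and the extracted payload URL on Google Drive). The following is an added example, not part of the sandbox report or of Triage's tooling, of turning those values into a normalised IOC record: it validates the digests by length and alphabet, recovers the Google Drive file id from the `uc?export=download&id=...` form of the URL, and flags that the host itself is a legitimate service so the block should target the URL or file id rather than `drive.google.com`. The `ABUSED_HOSTS` list and the function names are assumptions made for this example; the hash and URL values are copied from the report.

```python
"""Normalise the hashes and extracted GuLoader payload URL from a sandbox
report into an IOC record.  Added example, not code from the report."""
import json
import re
from urllib.parse import parse_qs, urlparse

# Values copied from the report (General section and Malware Config).
REPORT = {
    "md5": "c976d86401ff3f21e368ba31d3db2a87",
    "sha1": "52c84b3a15e4599eed6d050251b7f7d1eaf638c0",
    "sha256": "6496d2ad7f1d051893d931981e0c23f1d4b5ad0e25bf437531285579b017f616",
    "sha512": "c53130165d6604685524bb8e1096ea164ecbf5f862162e425a57407c9efa3f1f"
              "72418aef06e90a6d7f94ce5fec272088a59e73b28563f7aa1be5f91f10a89f7e",
    "payload_url": "https://drive.google.com/uc?export=download&id=1B-xB0IiGnXbaMb5bFkqePufSw54eWuCO",
}

# Expected hex-digest lengths for each algorithm.
DIGEST_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Legitimate services frequently abused for payload hosting.  Assumed list
# for this example; extend it to match your own blocklist policy.
ABUSED_HOSTS = {"drive.google.com", "docs.google.com", "onedrive.live.com", "dropbox.com"}


def validate_digest(name, value):
    """True if value is a lowercase hex digest of the right length for name."""
    return bool(re.fullmatch(r"[0-9a-f]{%d}" % DIGEST_LENGTHS[name], value))


def parse_drive_download_url(url):
    """Return the Google Drive file id from a uc?export=download&id=... URL,
    or None if the URL is not of that exact form."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.hostname != "drive.google.com":
        return None
    if parts.path != "/uc":
        return None
    qs = parse_qs(parts.query)
    if qs.get("export") != ["download"]:
        return None
    ids = qs.get("id", [])
    if len(ids) != 1 or not re.fullmatch(r"[A-Za-z0-9_-]{10,}", ids[0]):
        return None
    return ids[0]


def build_iocs(report):
    """Produce a flat IOC record from the report values."""
    iocs = {"hashes": {}, "urls": [], "hosts": [], "drive_file_ids": [], "notes": []}
    for name in DIGEST_LENGTHS:
        value = report[name].lower()
        if not validate_digest(name, value):
            raise ValueError("%s is not a valid hex digest: %s" % (name, value))
        iocs["hashes"][name] = value
    url = report["payload_url"]
    host = urlparse(url).hostname
    iocs["urls"].append(url)
    iocs["hosts"].append(host)
    if host in ABUSED_HOSTS:
        # Blocking the whole host would break a legitimate service; block the
        # specific URL / file id instead.
        iocs["notes"].append("%s is a legitimate service; block the URL or file id, not the host" % host)
    file_id = parse_drive_download_url(url)
    if file_id:
        iocs["drive_file_ids"].append(file_id)
    return iocs


if __name__ == "__main__":
    print(json.dumps(build_iocs(REPORT), indent=2))
```

Running the script prints the IOC record as JSON; `parse_drive_download_url` deliberately rejects other Drive URL shapes (for example `/file/d/<id>/view`) so that an id is only recorded when the URL is the direct-download form the extractor reported.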