General
-
Target
c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf
-
Size
104KB
-
Sample
230129-vfglrsec85
-
MD5
5349b5908937badcc7da5a7e533ce5f2
-
SHA1
a3cccd7025d680f5f2f80180938b4a727af17fe6
-
SHA256
c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf
-
SHA512
a618120c797756e352d6bc2094da0cc7ce5f4e1eeefe7e192774b7c9e0170397e531198fc932e48b9131ab9f677a4614794cb421f667c053e73ca15d6acc97a2
-
SSDEEP
1536:vX48EADaxqABSEbn/kFxqWyGYE0X48EAD:exqABS+sPqWD
Malware Config
Extracted
guloader
http://mtspsmjeli.sch.id/cl/VK_Remcos%20v2_AxaGIU151.bin
Targets
-
-
Target
c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf
-
Size
104KB
-
MD5
5349b5908937badcc7da5a7e533ce5f2
-
SHA1
a3cccd7025d680f5f2f80180938b4a727af17fe6
-
SHA256
c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf
-
SHA512
a618120c797756e352d6bc2094da0cc7ce5f4e1eeefe7e192774b7c9e0170397e531198fc932e48b9131ab9f677a4614794cb421f667c053e73ca15d6acc97a2
-
SSDEEP
1536:vX48EADaxqABSEbn/kFxqWyGYE0X48EAD:exqABS+sPqWD
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-