General
-
Target
3766827be1e6b0063c09414c7e6d13912964c26fc346dbc673d6ed6a60f34796
-
Size
292KB
-
Sample
230129-wha3fagb35
-
MD5
3cc13beb8db0f13a819c80363ca6e47d
-
SHA1
b9245332df9c69f4e5ab2ebcc66f074b3fdf7691
-
SHA256
3766827be1e6b0063c09414c7e6d13912964c26fc346dbc673d6ed6a60f34796
-
SHA512
4c880072e67f23d6945a485026374d8f28ea418a53f88c66483a576fc004690a32e4795eec0a88b828b49e451ab4e0d0a609dbc9a3b653e7f008a218083e4965
-
SSDEEP
3072:HLCH/jqOlzvzs8EuHlVGwIfNpm5IKj265dEWAFwlSncsJHZ1MCKWNfr:H+HLLZvzs3uHl9IfNpmhb5mFCQcGN
Malware Config
Extracted
guloader
https://drive.google.com/uc?export=download&id=1p1Ic0Tf7mgLLNbaarmQFAC-TnM5CWJ0g
Targets
-
-
Target
3766827be1e6b0063c09414c7e6d13912964c26fc346dbc673d6ed6a60f34796
-
Size
292KB
-
MD5
3cc13beb8db0f13a819c80363ca6e47d
-
SHA1
b9245332df9c69f4e5ab2ebcc66f074b3fdf7691
-
SHA256
3766827be1e6b0063c09414c7e6d13912964c26fc346dbc673d6ed6a60f34796
-
SHA512
4c880072e67f23d6945a485026374d8f28ea418a53f88c66483a576fc004690a32e4795eec0a88b828b49e451ab4e0d0a609dbc9a3b653e7f008a218083e4965
-
SSDEEP
3072:HLCH/jqOlzvzs8EuHlVGwIfNpm5IKj265dEWAFwlSncsJHZ1MCKWNfr:H+HLLZvzs3uHl9IfNpmhb5mFCQcGN
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-