General
-
Target
2af4e6b031c848337c9ecc26b07d888d6a37964137125cad1475fc646adcee72
-
Size
817KB
-
Sample
230206-ntjjysha4w
-
MD5
ca294a7cd41349c52db4336d3dd4d9a7
-
SHA1
b657c74a81c2c5c7729c2128bcd66da89f95afd1
-
SHA256
2af4e6b031c848337c9ecc26b07d888d6a37964137125cad1475fc646adcee72
-
SHA512
e8a1a3e904691043ff329253f7d93a095f0cac877ff1c56776373b623e4dd47902f2c0dd39ae35150eeb180b3250e3da9bf6ee5b5e0e92530aa72d3f9716853b
-
SSDEEP
12288:rzHSwv6XXvvYRVb8UBrbGDKWEyxhXRHZr8PB+guORV4kb:yY6XXIRV/OKWEyBHZr8PQgNzn
Malware Config
Targets
-
-
Target
2af4e6b031c848337c9ecc26b07d888d6a37964137125cad1475fc646adcee72
-
Size
817KB
-
MD5
ca294a7cd41349c52db4336d3dd4d9a7
-
SHA1
b657c74a81c2c5c7729c2128bcd66da89f95afd1
-
SHA256
2af4e6b031c848337c9ecc26b07d888d6a37964137125cad1475fc646adcee72
-
SHA512
e8a1a3e904691043ff329253f7d93a095f0cac877ff1c56776373b623e4dd47902f2c0dd39ae35150eeb180b3250e3da9bf6ee5b5e0e92530aa72d3f9716853b
-
SSDEEP
12288:rzHSwv6XXvvYRVb8UBrbGDKWEyxhXRHZr8PB+guORV4kb:yY6XXIRV/OKWEyBHZr8PQgNzn
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-