General
-
Target
78092b8a72d068f981f3db3edd29ac6b.exe
-
Size
955KB
-
Sample
230208-wzvs6seb38
-
MD5
78092b8a72d068f981f3db3edd29ac6b
-
SHA1
55b22dbfb28a63564b4f5d227e1ddfc144119846
-
SHA256
61878427cd1d8ae10265dc16cfa10444838db931e19429339fb5b7f44add7db4
-
SHA512
67d19190f7203140280a3fdeeb8d4ea0a511e8fa8449e320f67d0f589ff5bb4fda7c23171449b66698115b07e0ec00e73dc872809287ccc133cf0c5fe41f31ae
-
SSDEEP
24576:YuHL2plae9FplbpCsVQB2Qz8kSSyIrKcMB:telaeznVev8kJrKc2
Malware Config
Targets
-
-
Target
78092b8a72d068f981f3db3edd29ac6b.exe
-
Size
955KB
-
MD5
78092b8a72d068f981f3db3edd29ac6b
-
SHA1
55b22dbfb28a63564b4f5d227e1ddfc144119846
-
SHA256
61878427cd1d8ae10265dc16cfa10444838db931e19429339fb5b7f44add7db4
-
SHA512
67d19190f7203140280a3fdeeb8d4ea0a511e8fa8449e320f67d0f589ff5bb4fda7c23171449b66698115b07e0ec00e73dc872809287ccc133cf0c5fe41f31ae
-
SSDEEP
24576:YuHL2plae9FplbpCsVQB2Qz8kSSyIrKcMB:telaeznVev8kJrKc2
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-