General

  • Target

    ab21cfb5452ba5ee7002abb17c8ba1f4.exe

  • Size

    592KB

  • Sample

    230215-rjed2aca97

  • MD5

    ab21cfb5452ba5ee7002abb17c8ba1f4

  • SHA1

    5d71797d395cb395e6c07d30d6aa0e51cc021765

  • SHA256

    20343f047964ef95901941b2406ee66ec976e2d849abbe991f94b6a0fe634881

  • SHA512

    91f0f4da3af7cf0c0db3d52210d692e7e41e7158f20611a87d66d5fadd18f04c0311af9b6daa8c87e683828f1f47a1006067f708036a7bdc528b7b7a2b0f2461

  • SSDEEP

    6144:BalZZ0wa8oGsxld4/9vkYoanxypScRFNJ5kyB/srZqFclhCs7z50mZRw:sZS/8orhYX4p35ky6hzXPCm/

Score
10/10

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks