General
-
Target
Doc065754.lnk
-
Size
2KB
-
Sample
230311-d5cknsgd23
-
MD5
f4aa46ca2856c7f137ca9e95b255c001
-
SHA1
a71f7cec83d329c3444dcc9cf53181689ac02227
-
SHA256
86a3eea0abb10bdcac6a00b9bdf1d76a408fbdd27db8be389757e069a2855f11
-
SHA512
e207a15a14acdfd40e6edbff9d96f2e8a460e954768da45d6d5de3a78fec04a5758261a92f3696a694fa7fba55faf0fbc1222d7276e3bc238723e3321556093a
Malware Config
Targets
-
-
Target
Doc065754.lnk
-
Size
2KB
-
MD5
f4aa46ca2856c7f137ca9e95b255c001
-
SHA1
a71f7cec83d329c3444dcc9cf53181689ac02227
-
SHA256
86a3eea0abb10bdcac6a00b9bdf1d76a408fbdd27db8be389757e069a2855f11
-
SHA512
e207a15a14acdfd40e6edbff9d96f2e8a460e954768da45d6d5de3a78fec04a5758261a92f3696a694fa7fba55faf0fbc1222d7276e3bc238723e3321556093a
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Blocklisted process makes network request
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-