General

  • Target

    justificante de transferencia.exe

  • Size

    439KB

  • Sample

    230420-mbebvahb87

  • MD5

    3931436d54a7af5e532612c3f3e06fc0

  • SHA1

    eb3692c150cc7f8ecea9522b314e50e82c902209

  • SHA256

    c69e558e5526feeb00ab90efe764fb0b93b3a09692659d1a57c652da81f1d123

  • SHA512

    4881726bb3734022c79b3929e0719251986a656cf0ac18b0b3825b0da74a8877fabdd1382b956ef2f6af3a6418435aba5b2dbb7d113eb209dfbac235127c9552

  • SSDEEP

    12288:gz1KzffDfffr2c0kz0hS19NTivjlmJdio3qH:FffDfffrrzES19NTivjlmnV0

Score
10/10

Targets

    • Target

      justificante de transferencia.exe

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
