General

  • Target

    a15da9fdfd935a4b05adc5e0cf0053a0.exe

  • Size

    352KB

  • Sample

    230717-ha681sae87

  • MD5

    a15da9fdfd935a4b05adc5e0cf0053a0

  • SHA1

    71be4a53794322a70c36f22a532bdd5a9e82c47a

  • SHA256

    2a831c8d63686e4b79cfced16e26d47f95de8cdbd178876659f9e7ec75e42789

  • SHA512

    7035c68e51f340633b4b1a1d2e0c3d9f91ccf8398936a9604ec1119b0880d53360e213f04e0243ef9ac69cd2a23614e243533dd3494ff84854e1763606fa3d8e

  • SSDEEP

    6144:Hwq3NpAucY3Mh7fR6dtdKE0CuLavZDC8xr3gKkYbrx+gb6e+D:HzMp3cfKE7ZDCC1rrx+Ve+D

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks