General
Target: 74f7a22f258a13c4926316f14a0178086601cdb54507a9f2c18cad8c388a753a
Size: 104KB
Sample: 230718-k932rahd22
MD5: 20669aaed8d12c7513bd705aefc92f8d
SHA1: 06ab6d734a0007b5fa97320ae4ac170f4b7ba1f5
SHA256: 74f7a22f258a13c4926316f14a0178086601cdb54507a9f2c18cad8c388a753a
SHA512: 4870df33925297b8e196ecedf8ef69c68e737116b288819e26fb6af6a3987e6761b4a8f4277f3ff59e8123e5668de1134897e780d6a7f1c27daaeac676e38a9e
SSDEEP: 768:XpOUzr1wlbA9Jpb3CFjyIyM8pbtMOcrvpWGYnNLGbRJH/UABF1CybT3IYW2IpEGj:5nNwlbA9JpGFjLXobt4vofnNK19GLKm
Static task: static1
Behavioral task: behavioral1
Sample: 74f7a22f258a13c4926316f14a0178086601cdb54507a9f2c18cad8c388a753a.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 74f7a22f258a13c4926316f14a0178086601cdb54507a9f2c18cad8c388a753a.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
guloader
http://castmart.ga/~zadmin/icloud/bill_encrypted_9743D3F.bin
Targets
Target: 74f7a22f258a13c4926316f14a0178086601cdb54507a9f2c18cad8c388a753a
Score: 10/10
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext