General

Target: 920e040d64758438d2ba1514b29a497c8d7c0822d19c8b9f9df24d1a03583983
Size: 124KB
Sample: 230718-qh1p7saf39
MD5: 25fa954e30d3299be8e3afd4edc24a9e
SHA1: 4a9197e668340aebb5d8d58aad8de14c64f307b3
SHA256: 920e040d64758438d2ba1514b29a497c8d7c0822d19c8b9f9df24d1a03583983
SHA512: cfacefd189f64934f4288e703ae6eff55553670052506f54a3fa590fa438150f79df1566ca640e5301cc119a26387591a1fa400d410931af0e1739b07258a1c7
SSDEEP: 768:sfIJwIyQQAFMtIb4po/h5mDj9386QEY0dowF50XypzfVVaDHbBCNhBgabBPypzf:Fp6IbD55mDj92EY0d/GyXVaDwNhOoPy
Static task: static1

Behavioral task: behavioral1
Sample: 920e040d64758438d2ba1514b29a497c8d7c0822d19c8b9f9df24d1a03583983.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: 920e040d64758438d2ba1514b29a497c8d7c0822d19c8b9f9df24d1a03583983.exe
Resource: win10v2004-20230703-en

Malware Config

Extracted: guloader
https://cdn.discordapp.com/attachments/811722621670522904/825674944057704498/david5000_SMKjiFY94.bin
Targets

Target: 920e040d64758438d2ba1514b29a497c8d7c0822d19c8b9f9df24d1a03583983
Size: 124KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

- Guloader payload
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext