General

- Target: a94524e08d521803e362dfe56fc5bc954bd898cee21c34dd5050f67c5e17e205
- Size: 64KB
- Sample: 230804-dvebhshb97
- MD5: e998cc00ad0dd270be4e4b4e023db952
- SHA1: c96250b6c650362a8e275a4c286ca47942349605
- SHA256: a94524e08d521803e362dfe56fc5bc954bd898cee21c34dd5050f67c5e17e205
- SHA512: 7c975cd5dadb6df1df7dfe1e03045fa217b8f93bef0f976ec660589e1d79e7ae1501f8024770ffdd8704c42999f3b374f2f31b4f0fe7c28c2528562d99e0cc3d
- SSDEEP: 768:o1Efq4d4DdewGO/rBLnrEPJtWllWk91X+0bbXlyoYjvTBw8fiPAEAByF:C94d4xRr/rBLnIhkDWk7rbHww8fiXA
Static task: static1

Behavioral task: behavioral1
- Sample: a94524e08d521803e362dfe56fc5bc954bd898cee21c34dd5050f67c5e17e205.exe
- Resource: win7-20230712-en

Behavioral task: behavioral2
- Sample: a94524e08d521803e362dfe56fc5bc954bd898cee21c34dd5050f67c5e17e205.exe
- Resource: win10v2004-20230703-en
Malware Config

- Extracted: guloader
- https://onedrive.live.com/download?cid=E63E6173F9A47623&resid=E63E6173F9A47623%21110&authkey=AP2UWGY0xBOY3co
Targets

- Target: a94524e08d521803e362dfe56fc5bc954bd898cee21c34dd5050f67c5e17e205
- Score: 10/10
- Guloader payload
- Checks QEMU agent file: checks presence of the QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger