General

  • Target

    7a8adf45bea0eea3f567cf0517e771c30db41c3ea14b36db86f216c0a7ff9041

  • Size

    108KB

  • Sample

    230804-fssggaag4t

  • MD5

    ed3019b01fedd6ec9bc195f5bf1e79f6

  • SHA1

    971cb0f308d2495b4454729c3f222ee37a9c8c33

  • SHA256

    7a8adf45bea0eea3f567cf0517e771c30db41c3ea14b36db86f216c0a7ff9041

  • SHA512

    7276dfa9f0a78de2e942cd8c90a54e78b8b857a557e32edc0ced0ce3c42f67d21a7e215a792752f4ed4e873c79cce4b164420e4637ecd1ec4c5339fc9b06e98f

  • SSDEEP

    1536:ZJS7cFy+6fGSCT6OWUWa+IhCAQKBbtP4WRD:ZJ3NhSC+0WheCAQKBl

Score
10/10

Malware Config

Extracted

Family

guloader

C2

http://weareupstream.com/n/bin_psPlI206.bin

xor.base64

Targets

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • Checks QEMU agent state file

      Checks state file used by QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks