General

  • Target

    a6a0039f6349d0cf1c2ff714af2adc3306aafe4f838845020431061e56226792

  • Size

    108KB

  • Sample

    230804-jkz35aaa69

  • MD5

    d54da47bddd8a3517e59b07ee4ada37f

  • SHA1

    2e7e994e2d7bac50a8572b32ea0f65ccaad8ceab

  • SHA256

    a6a0039f6349d0cf1c2ff714af2adc3306aafe4f838845020431061e56226792

  • SHA512

    d8d8bf439fbb3617f578ed48ab48b20f164c77611d069ae46e97e3432eba6b9c205b44f2e8a1c79729cc2adc58b69a33a816b300672636f0dd1531687772f228

  • SSDEEP

    1536:hfBbby6qFlSPmEmAKKQKlZNmxFbdqnh4DVGzA:Dbby6qBEm1KQEZNmvAnH0

Score
10/10

Malware Config

Extracted

Family

guloader

C2

http://hosseinsoltani.ir/hilari_pahkc43.bin

xor.base64

Targets

    • Target

      a6a0039f6349d0cf1c2ff714af2adc3306aafe4f838845020431061e56226792

    • Size

      108KB

    • MD5

      d54da47bddd8a3517e59b07ee4ada37f

    • SHA1

      2e7e994e2d7bac50a8572b32ea0f65ccaad8ceab

    • SHA256

      a6a0039f6349d0cf1c2ff714af2adc3306aafe4f838845020431061e56226792

    • SHA512

      d8d8bf439fbb3617f578ed48ab48b20f164c77611d069ae46e97e3432eba6b9c205b44f2e8a1c79729cc2adc58b69a33a816b300672636f0dd1531687772f228

    • SSDEEP

      1536:hfBbby6qFlSPmEmAKKQKlZNmxFbdqnh4DVGzA:Dbby6qBEm1KQEZNmvAnH0

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent state file

      Checks state file used by QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks