General
Target: a6a0039f6349d0cf1c2ff714af2adc3306aafe4f838845020431061e56226792
Size: 108KB
Sample: 230804-jkz35aaa69
MD5: d54da47bddd8a3517e59b07ee4ada37f
SHA1: 2e7e994e2d7bac50a8572b32ea0f65ccaad8ceab
SHA256: a6a0039f6349d0cf1c2ff714af2adc3306aafe4f838845020431061e56226792
SHA512: d8d8bf439fbb3617f578ed48ab48b20f164c77611d069ae46e97e3432eba6b9c205b44f2e8a1c79729cc2adc58b69a33a816b300672636f0dd1531687772f228
SSDEEP: 1536:hfBbby6qFlSPmEmAKKQKlZNmxFbdqnh4DVGzA:Dbby6qBEm1KQEZNmvAnH0
Static task: static1
Behavioral task: behavioral1
  Sample: a6a0039f6349d0cf1c2ff714af2adc3306aafe4f838845020431061e56226792.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: a6a0039f6349d0cf1c2ff714af2adc3306aafe4f838845020431061e56226792.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: guloader
  http://hosseinsoltani.ir/hilari_pahkc43.bin
Targets
Target: a6a0039f6349d0cf1c2ff714af2adc3306aafe4f838845020431061e56226792
Size: 108KB
MD5: d54da47bddd8a3517e59b07ee4ada37f
SHA1: 2e7e994e2d7bac50a8572b32ea0f65ccaad8ceab
SHA256: a6a0039f6349d0cf1c2ff714af2adc3306aafe4f838845020431061e56226792
SHA512: d8d8bf439fbb3617f578ed48ab48b20f164c77611d069ae46e97e3432eba6b9c205b44f2e8a1c79729cc2adc58b69a33a816b300672636f0dd1531687772f228
SSDEEP: 1536:hfBbby6qFlSPmEmAKKQKlZNmxFbdqnh4DVGzA:Dbby6qBEm1KQEZNmvAnH0
Score: 10/10
Signatures:
  Checks QEMU agent state file
    Checks the state file used by the QEMU agent, possibly to detect virtualization.
  Suspicious use of NtSetInformationThreadHideFromDebugger