General

  • Target

    e7aa5072bdb8bc8768ecc92cfc0ab32026b24042667ce65e2600310cb11a0174

  • Size

    164KB

  • Sample

    230804-kcb7rsbc6v

  • MD5

    f4a44ac705a4123d8d4a7c9865075e5c

  • SHA1

    a7989bcb53a2e2d7aa86ffd821e07f0608c63bd3

  • SHA256

    e7aa5072bdb8bc8768ecc92cfc0ab32026b24042667ce65e2600310cb11a0174

  • SHA512

    879b5f7438a28040e44bb34d3031c56bcd75010ed82ba11ee37c73f7c9fe5195fc9abe65931394e738d8d8a8d8ebdadb66248d09a3f355309bd97c3ed412ed00

  • SSDEEP

    1536:HkRrvvrgzltFtFwjTcLLoZ801i+g6YCMFJbxtGS1645ZCD8ChZxnmZyG:SLcRLLAcLLu801hmfTE8ChZxnmgG

Score
10/10

Malware Config

Extracted

Family

guloader

C2

https://mscni.org/hk_KoKrxbGo126.bin

xor.base64

Targets

    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks