General

Target: ff06793fb936c9c065951e23664890065219d829f15f0f67100e49f1f69fe5e8
Size: 112KB
Sample: 230804-nzcctsbh2t
MD5: 181bdddd044c6dfe3ae64c0c9ee4ae53
SHA1: 7f172a71110d9cf1c9e97644ee55600fa464f7a7
SHA256: ff06793fb936c9c065951e23664890065219d829f15f0f67100e49f1f69fe5e8
SHA512: 0fa970e5b47a6e2c5b0edc88be617fccbfd4bba7e02e61785ea6e52da793b7697b67543168936f6054dc6de16da8de5e64847e756c36603e1a4d7751b58574f9
SSDEEP: 768:ygC7+4+75zoR8T5kGjqgEmNuGKCZeGXeEFOaQwI4JlDwxN1vcgzjNaASA6:3CO5oSLe1cTFOaJSr1vtPN4
Static task: static1

Behavioral task: behavioral1
Sample: ff06793fb936c9c065951e23664890065219d829f15f0f67100e49f1f69fe5e8.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: ff06793fb936c9c065951e23664890065219d829f15f0f67100e49f1f69fe5e8.exe
Resource: win10v2004-20230703-en
Malware Config

Extracted: guloader
https://onedrive.live.com/download?cid=46B98FE6F0D79519&resid=46B98FE6F0D79519%211842&authkey=ANcfRm-0LjxFJQY
Targets

Target: ff06793fb936c9c065951e23664890065219d829f15f0f67100e49f1f69fe5e8
Score: 10/10

Guloader payload
Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
Suspicious use of NtSetInformationThreadHideFromDebugger