General
Target: a41d188257e3be36a9077bb1044680e7f53bef22c1c1dcc0ce650df2b6a8fcbd
Size: 112KB
Sample: 230805-nh7gmsde5y
MD5: 4b4debcb75be0928c8c0a0171f4d2688
SHA1: f062d25c0745ae824353b13a18e6274c8717adea
SHA256: a41d188257e3be36a9077bb1044680e7f53bef22c1c1dcc0ce650df2b6a8fcbd
SHA512: e85d0771dc17a87383230131a9e43465d2acfdf7e4aab9f11eeb6edea7277a5c05f361c25531b0fc1db6b45a27105e75d84512ffe24e043d67618299adb22e35
SSDEEP: 1536:thSPfxV40TQees275kgrKHxLdGKc+o0FDHdZ1gIMblSnwKegt8oxgi3Xxb:uPXTYs8pKVdhjFD9zwNXy5
Static task: static1
Behavioral task: behavioral1
Sample: a41d188257e3be36a9077bb1044680e7f53bef22c1c1dcc0ce650df2b6a8fcbd.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: a41d188257e3be36a9077bb1044680e7f53bef22c1c1dcc0ce650df2b6a8fcbd.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted: guloader
Payload URL: https://filebin.net/1xu1936lh9awcx8g/udoka_dBIUNiSj27.bin?t=u1zue6zq
Targets
Target: a41d188257e3be36a9077bb1044680e7f53bef22c1c1dcc0ce650df2b6a8fcbd
Size: 112KB
MD5: 4b4debcb75be0928c8c0a0171f4d2688
SHA1: f062d25c0745ae824353b13a18e6274c8717adea
SHA256: a41d188257e3be36a9077bb1044680e7f53bef22c1c1dcc0ce650df2b6a8fcbd
SHA512: e85d0771dc17a87383230131a9e43465d2acfdf7e4aab9f11eeb6edea7277a5c05f361c25531b0fc1db6b45a27105e75d84512ffe24e043d67618299adb22e35
SSDEEP: 1536:thSPfxV40TQees275kgrKHxLdGKc+o0FDHdZ1gIMblSnwKegt8oxgi3Xxb:uPXTYs8pKVdhjFD9zwNXy5
Score: 10/10
Signatures:
- Guloader payload
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger