General

Target: b2426e309ead760310407e71b9c0d04d85c589f2136bb4e9b0f06021664cd067
Size: 96KB
Sample: 230806-erfkvafh22
MD5: 933f755f0b5c6b821d59712409a265c3
SHA1: 358972e82feea793fe646ec42fc0e9163cde12f5
SHA256: b2426e309ead760310407e71b9c0d04d85c589f2136bb4e9b0f06021664cd067
SHA512: d98c08d136f479ef2726689e3cb08af15053df7725d1cbd11c7eb0b05e0aaf3365ff69d46eb4d22aa9995f6341916c85992fd8976ee01a84ee5dada1735d8afe
SSDEEP: 1536:67bd11PaHOjCuE6kSfrZ/21S4I7tCLpJ566O7Co/24H6nom7va:67bdzagvEqTln4qYda
Static task: static1

Behavioral task: behavioral1
Sample: b2426e309ead760310407e71b9c0d04d85c589f2136bb4e9b0f06021664cd067.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: b2426e309ead760310407e71b9c0d04d85c589f2136bb4e9b0f06021664cd067.exe
Resource: win10v2004-20230703-en
Malware Config

Extracted family: guloader
Extracted URL: https://drive.google.com/uc?export=download&id=10KsM06yOLfy26ZHD2zjAI-6ZbVIvJEOS
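The extracted configuration above gives two kinds of indicator: the file hashes of the loader and the Google Drive URL it fetches its next stage from. The following is an added example of turning them into detection logic; it is not part of the sandbox report and is not GuLoader code. It matches Drive download requests on the file id rather than the literal URL string (so reordered or extra query parameters such as confirm=t still hit), and matches hashes case-insensitively with the algorithm inferred from the digest length. The proxy log format and its lines are constructed for the example.

```python
import hashlib
from urllib.parse import urlparse, parse_qs

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "933f755f0b5c6b821d59712409a265c3",
    "sha1": "358972e82feea793fe646ec42fc0e9163cde12f5",
    "sha256": "b2426e309ead760310407e71b9c0d04d85c589f2136bb4e9b0f06021664cd067",
}
C2_URL = "https://drive.google.com/uc?export=download&id=10KsM06yOLfy26ZHD2zjAI-6ZbVIvJEOS"


def drive_download_id(url):
    """Return the file id of a Google Drive direct-download URL
    (https://drive.google.com/uc?export=download&id=<id>), else None.
    Parsing the query instead of comparing the literal URL means reordered
    or additional parameters (e.g. confirm=t) still match the same file."""
    p = urlparse(url)
    if p.scheme not in ("http", "https") or p.netloc.lower() != "drive.google.com":
        return None
    if p.path != "/uc":
        return None
    qs = parse_qs(p.query)
    if qs.get("export") != ["download"]:
        return None
    ids = qs.get("id")
    return ids[0] if ids else None


C2_FILE_ID = drive_download_id(C2_URL)


def find_c2_fetches(log_text, file_id=C2_FILE_ID):
    """Scan '<ts> <src_ip> <method> <url> <status>' proxy lines (assumed
    format) and return (ts, src_ip) for each request for the stage-2 file id."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines rather than crash the scan
        ts, src, _method, url, _status = parts[:5]
        if drive_download_id(url) == file_id:
            hits.append((ts, src))
    return hits


def match_hash(digest):
    """Return the algorithm name if a hash from an EDR/file event equals one
    of the sample's hashes, else None. Case-insensitive; the algorithm is
    inferred from the hex length so callers need not label it."""
    d = digest.strip().lower()
    for algo, known in SAMPLE_HASHES.items():
        if len(d) == len(known) and d == known:
            return algo
    return None


def hashes_of(data):
    """md5/sha1/sha256 of a byte string, for comparison with the report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


# Constructed proxy log (not from the report). Line 2 has reordered params and
# confirm=t; line 3 is a different Drive file; line 4 is a benign Drive visit.
PROXY_LOG = """\
2023-08-06T10:01:02Z 10.0.0.15 GET https://drive.google.com/uc?export=download&id=10KsM06yOLfy26ZHD2zjAI-6ZbVIvJEOS 302
2023-08-06T10:01:03Z 10.0.0.15 GET https://drive.google.com/uc?id=10KsM06yOLfy26ZHD2zjAI-6ZbVIvJEOS&export=download&confirm=t 200
2023-08-06T10:02:10Z 10.0.0.22 GET https://drive.google.com/uc?export=download&id=1AbCdEfGhIjKlMnOpQrStUvWxYz012345 200
2023-08-06T10:03:44Z 10.0.0.22 GET https://drive.google.com/drive/my-drive 200
"""

if __name__ == "__main__":
    for ts, src in find_c2_fetches(PROXY_LOG):
        print(f"{ts} {src} fetched GuLoader stage-2 file id {C2_FILE_ID}")
    print(match_hash("B2426E309EAD760310407E71B9C0D04D85C589F2136BB4E9B0F06021664CD067"))
```

drive.google.com is legitimate infrastructure, so blocking or alerting on the domain is not an option; the actionable indicator is the file id, and the hashes only catch this exact loader build. Both should be treated as short-lived and paired with the behavioural signatures listed under Targets.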
Targets

Target: b2426e309ead760310407e71b9c0d04d85c589f2136bb4e9b0f06021664cd067 (96KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Signatures:
- Guloader payload
- Checks QEMU agent state file: reads the state file used by the QEMU guest agent, possibly to detect that it is running in a virtual machine (sandbox evasion).
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events from that thread reaching an attached debugger, a common anti-debugging technique.