General

  • Target: Company Profile.exe
  • Size: 402KB
  • Sample: 230817-gsnc7afg64
  • MD5: 818f9d1c6f12286db052931dc7ebd626
  • SHA1: eb4468b31a8f698efa9a362d78a9719952ffb772
  • SHA256: fc8dec7cc365d3670d2a904438e96fa929d53f144805595700f0219df2c7970b
  • SHA512: b93b8c51664aa28b78b65f8368a4dadc967086cbf021098cd8b306fef40c8d0fe9707e6060f9dea311e0f03d93e76f9d47ef32489f7f8fbfd680d2c1693030af
  • SSDEEP: 6144:zspNjlsAXdbHsVtYbnEXXgc9z/m3dy78EMF+NIfIXIwF/bWQSp7P8hUByL:zcvVMVwEXgc9z//8vF+NI7wItk+e

Score: 10/10

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of the QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of NtCreateThreadExHideFromDebugger
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext
