General

  • Target

    9a5c4dcfc97835d873cdc90242c1fcd7ed1a69836a4a856491d9f4b560eb1f7f

  • Size

    611KB

  • Sample

    231011-qhrsashd5s

  • MD5

    021a6a0be9499c68e91456bd8eaef56b

  • SHA1

    ef75bc38a6444a980b681e5bd162bd1b4c40058e

  • SHA256

    9a5c4dcfc97835d873cdc90242c1fcd7ed1a69836a4a856491d9f4b560eb1f7f

  • SHA512

    62c50a137aad13a17841c560bc33249bc707178de1cb1ba1d51d7bb5eec4c681078f933eaa1b6930e43c3493a0fefc601374e2e62245b71d703140748466a2d4

  • SSDEEP

    12288:34srNeq4ZbJBWrwk8mBH4IzJD1zHhT86ipqcwHUYh8TPxiaHZ:rV2BWkmBdfzBTjUg8TYM

Score
10/10

Malware Config

Targets

    • Target

      9a5c4dcfc97835d873cdc90242c1fcd7ed1a69836a4a856491d9f4b560eb1f7f

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent file, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
