General
Target: Rebuffed.exe
Size: 1.2MB
Sample: 231012-h4e2madd7w
MD5: 4f56cd3f66574df8c5d4969a7a731832
SHA1: 790d9b9d9dd45ae834139158a993721ab74ac3f4
SHA256: 15c55fd5158febe95f1e54f73a9388e77b1974d6983d6fad4c7dac8961ce71bb
SHA512: fce4942401bd50931bc28e51f071764f7107c3094aa8dfe3125bed66f55f7361e2c7b6174fcdb6b68c6fb5ec3d47af4f2f3402619eb7e8768ed150812dd9a070
SSDEEP: 24576:2RYkWmWEPOh5Wr++qiOKpTnDeSsp1jQW3GwiAtsp1kt4KdAZJO3FqdPH5oUPhZ:8YoW3WrtsKpTYpyW3GwY6tMqOz3
Static task: static1
Behavioral task: behavioral1
  Sample: Rebuffed.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: Rebuffed.exe
  Resource: win10v2004-20230915-en
Malware Config
Targets
Target: Rebuffed.exe
Score: 10/10
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext