General
Target: 370eb5b97aae87849c88174742049624.exe
Size: 60KB
Sample: 240110-xvfdcsebck
MD5: 370eb5b97aae87849c88174742049624
SHA1: c6269ee6a89a9b23edd760f6f3824967886302ca
SHA256: ecb4237d66f2000f1cefc832ff1f03a91856f1374646e80855c29eba23abe794
SHA512: d0d6740acaa82cbcdff072a94cac2d695b5d75123c0ce177cc7e034b7e2cc3f77e5158436fca23034511a15828072be274df689794ae933f47973c76e2c6e8e3
SSDEEP: 768:uS8R8zs0uTCaclwUk+W5qXgXT/JdfFRj0Vl/z:uSM0uTXclwUk/51j/Dr2pz

Static task
static1

Behavioral task
behavioral1
Sample: 370eb5b97aae87849c88174742049624.exe
Resource: win7-20231215-en

Behavioral task
behavioral2
Sample: 370eb5b97aae87849c88174742049624.exe
Resource: win10v2004-20231222-en

Malware Config
Extracted
guloader
https://drive.google.com/uc?export=download&id=1lw277A8TCTymmoU3xcAVyYliTFln3LiG

Targets
Target: 370eb5b97aae87849c88174742049624.exe
Size: 60KB
Score: 10/10
- Guloader payload
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
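Added example, not the sandbox's own code or export format: a Python helper that parses the report layout above into normalised IOCs, checks that each hash has the right length and is hexadecimal, pulls the Google Drive file id out of the extracted GuLoader stage-two URL (the domain itself is legitimate and not blockable, so the file id is the actionable indicator), defangs the URL for sharing, and maps the behavioural signature names to ATT&CK technique IDs. The report excerpt embedded in the script is constructed from the values on this page; the signature-to-ATT&CK mapping and all function names are this example's own assumptions. Context for two of the signatures: NtSetInformationThreadHideFromDebugger (ThreadHideFromDebugger) is an anti-debugging call, and SetThreadContext alongside it is the usual footprint of process hollowing or thread hijacking used to run the downloaded payload.

```python
"""Normalise the IOCs from a sandbox report in the plain "Key: value" (or
"Key" / "value" on two lines) layout used above.

Added example for this page; it is not the sandbox's own code or export
format.  SAMPLE_REPORT is a constructed excerpt that copies only the hashes,
config URL and signature names shown on the page.  SIG_TO_ATTACK is this
example's own assumed mapping.
"""
import json
import re
from urllib.parse import parse_qs, urlparse

# Constructed excerpt in the report's layout (values copied from the page).
SAMPLE_REPORT = """\
General
Target: 370eb5b97aae87849c88174742049624.exe
Size: 60KB
MD5: 370eb5b97aae87849c88174742049624
SHA1: c6269ee6a89a9b23edd760f6f3824967886302ca
SHA256: ecb4237d66f2000f1cefc832ff1f03a91856f1374646e80855c29eba23abe794
SSDEEP: 768:uS8R8zs0uTCaclwUk+W5qXgXT/JdfFRj0Vl/z:uSM0uTXclwUk/51j/Dr2pz
Malware Config
Extracted
guloader
https://drive.google.com/uc?export=download&id=1lw277A8TCTymmoU3xcAVyYliTFln3LiG
Score: 10/10
- Guloader payload
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
"""

KEYS = {"Target", "Size", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}
HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")

# Assumed mapping (this example's own) from the sandbox's signature text to
# ATT&CK technique IDs; signatures not listed here are left unmapped.
SIG_TO_ATTACK = {
    "Adds Run key to start application": "T1547.001",
    "Legitimate hosting services abused for malware hosting/C2": "T1102",
    "Suspicious use of NtSetInformationThreadHideFromDebugger": "T1622",
    "Suspicious use of SetThreadContext": "T1055",
}


def _tokens(text):
    """Flatten the report into a token list.  Only known keys are split on
    ':' because the SSDEEP value itself contains colons."""
    out = []
    for raw in text.splitlines():
        ln = raw.strip()
        if not ln or ln == "-":            # empty line or stray bullet
            continue
        if ln.startswith("- "):            # signature bullet
            ln = ln[2:]
        head, sep, tail = ln.partition(":")
        if sep and head.strip() in KEYS:
            out.extend([head.strip(), tail.strip()])
        else:
            out.append(ln)
    return out


def parse_report(text):
    """Return {'target','size','ssdeep','hashes','config','score','signatures'}."""
    toks = _tokens(text)
    rec = {"hashes": {}, "config": {}, "signatures": [], "score": None}
    i, in_sigs = 0, False
    while i < len(toks):
        t = toks[i]
        if in_sigs:                        # everything after Score is a signature
            rec["signatures"].append(t)
        elif t in KEYS and i + 1 < len(toks):
            if t.lower() in HASH_LEN:
                rec["hashes"][t.lower()] = toks[i + 1].lower()
            else:
                rec[t.lower()] = toks[i + 1]
            i += 1
        elif t == "Extracted" and i + 2 < len(toks):
            rec["config"] = {"family": toks[i + 1], "url": toks[i + 2]}
            i += 2
        elif t.startswith("Score"):
            m = re.search(r"(\d+)\s*/\s*(\d+)", t)
            rec["score"] = int(m.group(1)) if m else None
            in_sigs = True
        i += 1
    return rec


def validate_hashes(hashes):
    """Algorithms whose value has the wrong length or non-hex characters."""
    return [a for a, v in hashes.items()
            if len(v) != HASH_LEN.get(a, -1) or not HEX_RE.match(v)]


def drive_file_id(url):
    """File id from a drive.google.com uc?export=download&id=... URL, else None."""
    p = urlparse(url)
    if p.hostname != "drive.google.com":
        return None
    return parse_qs(p.query).get("id", [None])[0]


def defang(url):
    """hxxps://host[.]tld/... form so the indicator is not clickable."""
    p = urlparse(url)
    rest = p.path + (f"?{p.query}" if p.query else "")
    return f"{p.scheme.replace('http', 'hxxp')}://{p.netloc.replace('.', '[.]')}{rest}"


def map_signatures(sigs):
    return [SIG_TO_ATTACK[s] for s in sigs if s in SIG_TO_ATTACK]


def build_iocs(rec):
    iocs = [{"type": algo, "value": v} for algo, v in rec["hashes"].items()]
    url = rec["config"].get("url")
    if url:
        iocs.append({"type": "url", "value": defang(url),
                     "drive_file_id": drive_file_id(url),
                     "family": rec["config"].get("family")})
    return iocs


if __name__ == "__main__":
    rec = parse_report(SAMPLE_REPORT)
    assert not validate_hashes(rec["hashes"]), "malformed hash in report"
    print(json.dumps({"score": rec["score"], "iocs": build_iocs(rec),
                      "attack": map_signatures(rec["signatures"])}, indent=2))
```

The parser accepts both the one-line "Key: value" layout and the original two-line "Key" / "value" layout, and treats every line after the Score line as a signature name, which is how the report above is arranged.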