General
Target: 6e056dac72056b6e8765b145041385df
Size: 460KB
Sample: 240121-zxqyzsagc2
MD5: 6e056dac72056b6e8765b145041385df
SHA1: 59b48527547a1373184cbd3aa37917cb1ec2464e
SHA256: c6645732ddab78c543cc07ef50f3623b28ac76e83a37cc00f127c4e71adaf8b5
SHA512: 25a9fd0a60ec24042f787f952ac00a6f111ad19121cd8ba0e1698742bfa1d6376cc1e9d4555f26e25d0d50b1cde34d8587d8f3ad2e2fbe3189fec97b5cce8bf9
SSDEEP: 768:qv/uZitFPxEdATcv236+DYlMRj9tzgVzKi+XjEoGOtsS:U/uZitFPudEKOYlw/zgVzczEoGi1
Static task: static1
Behavioral task: behavioral1
Sample: 6e056dac72056b6e8765b145041385df.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 6e056dac72056b6e8765b145041385df.exe
Resource: win10v2004-20231222-en
Malware Config
Extracted: guloader
URL: https://www.sendspace.com/pro/dl/qfjmwv
Note: GuLoader's embedded configuration holds the location from which it fetches its encrypted second-stage payload; the URL above is that download location, not the payload itself, so treat it as a network indicator and expect the hosted file to change or disappear.
Targets
Target: 6e056dac72056b6e8765b145041385df
Size: 460KB
Hashes: identical to the General section above (MD5, SHA1, SHA256, SHA512, SSDEEP)
Score: 10/10
Signatures:
- Guloader payload
- Adds Run key to start application (persistence: a value written under ...\Software\Microsoft\Windows\CurrentVersion\Run relaunches the sample at the next logon)
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-analysis: NtSetInformationThread with the ThreadHideFromDebugger class, value 0x11, stops an attached debugger from receiving events for that thread, so breakpoints and single-stepping in it silently fail)
- Suspicious use of SetThreadContext (injection heuristic: rewriting another thread's context is the usual way to point a suspended thread at injected code, as in process hollowing; on its own the call is only suggestive, and it should be read together with any preceding CreateProcess with CREATE_SUSPENDED and WriteProcessMemory into the same process)
The page does not record which of the two behavioral tasks (Windows 7 or Windows 10) produced each signature.
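The script below is an added example, not part of the sandbox report or its tooling. It turns the three behavioral signatures and the extracted URL into detection logic that can be run over an API trace, and checks file digests against the hashes listed above. The trace format (one call per line, tab-separated pid, API name and key=value arguments) and every value in SAMPLE_TRACE (pids, paths, the hollowed host image) are constructed assumptions; only the hashes and the URL are copied from the report.

```python
"""Triage helper for the signatures in this report (added example).

Assumes a constructed API-trace format: one call per line,
"<pid>\\t<api>\\t<key>=<value>|<key>=<value>...". Real sandboxes emit
richer JSON; only parse_trace() needs to change for those.
"""
import hashlib
import re
from collections import defaultdict

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "6e056dac72056b6e8765b145041385df",
    "sha1": "59b48527547a1373184cbd3aa37917cb1ec2464e",
    "sha256": "c6645732ddab78c543cc07ef50f3623b28ac76e83a37cc00f127c4e71adaf8b5",
}
IOC_URLS = {"https://www.sendspace.com/pro/dl/qfjmwv"}

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value passed to NtSetInformationThread
CREATE_SUSPENDED = 0x4            # CreateProcess creation flag
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# Constructed trace for demonstration; pids, paths and the host image are made up.
SAMPLE_TRACE = (
    "1234\tNtSetInformationThread\tThreadHandle=0xFFFFFFFE|ThreadInformationClass=0x11\n"
    "1234\tRegSetValueExW\tKey=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
    "|Value=Updater|Data=C:\\Users\\u\\AppData\\Roaming\\svc.exe\n"
    "1234\tCreateProcessW\tImage=C:\\Windows\\SysWOW64\\host.exe|Flags=0x4|Pid=2222\n"
    "1234\tWriteProcessMemory\tPid=2222|Address=0x400000|Size=0x30000\n"
    "1234\tSetThreadContext\tPid=2222|Tid=2223\n"
    "1234\tResumeThread\tPid=2222|Tid=2223\n"
    "1234\tInternetOpenUrlW\tUrl=https://www.sendspace.com/pro/dl/qfjmwv\n"
)


def parse_trace(text):
    """Turn the constructed trace format into a list of call dicts."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, args = line.split("\t", 2)
        kv = dict(part.split("=", 1) for part in args.split("|") if "=" in part)
        calls.append({"pid": int(pid), "api": api, "args": kv})
    return calls


def find_behaviours(calls):
    """Map API calls onto the report's signatures; returns (category, detail) tuples."""
    findings = []
    suspended = defaultdict(set)  # pid -> child pids it created with CREATE_SUSPENDED
    written = defaultdict(set)    # pid -> remote pids it wrote memory into
    for c in calls:
        pid, api, a = c["pid"], c["api"], c["args"]
        if (api == "NtSetInformationThread"
                and int(a.get("ThreadInformationClass", "0"), 16) == THREAD_HIDE_FROM_DEBUGGER):
            findings.append(("anti-debug", "NtSetInformationThread(ThreadHideFromDebugger)"))
        elif api.startswith("RegSetValueEx") and RUN_KEY_RE.search(a.get("Key", "")):
            findings.append(("persistence", f"Run key {a.get('Value')} -> {a.get('Data')}"))
        elif api.startswith("CreateProcess") and int(a.get("Flags", "0"), 16) & CREATE_SUSPENDED:
            suspended[pid].add(int(a["Pid"]))
        elif api == "WriteProcessMemory" and "Pid" in a:
            written[pid].add(int(a["Pid"]))
        elif api == "SetThreadContext":
            # SetThreadContext alone is only a heuristic; require a prior remote write.
            target = int(a.get("Pid", pid))
            if target in written[pid]:
                how = "process hollowing" if target in suspended[pid] else "remote thread hijack"
                findings.append(("injection",
                                 f"SetThreadContext on pid {target} after WriteProcessMemory ({how})"))
        elif a.get("Url") in IOC_URLS:
            findings.append(("c2", f"fetched known payload URL {a['Url']}"))
    return findings


def digests(data: bytes):
    """MD5/SHA1/SHA256 of a byte string, keyed like IOC_HASHES."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def is_reported_sample(d):
    """True if any supplied digest equals one listed in the report."""
    return any(d.get(k) == v for k, v in IOC_HASHES.items())


if __name__ == "__main__":
    for cat, detail in find_behaviours(parse_trace(SAMPLE_TRACE)):
        print(f"[{cat}] {detail}")
    print("known sample:", is_reported_sample(digests(b"constructed bytes, not the sample")))
```

The injection check deliberately refuses to flag SetThreadContext by itself: it requires an earlier WriteProcessMemory into the same target, and only labels the sequence process hollowing when that target was also created suspended, which is the distinction the raw signature does not make.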