General
Target: 0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219_76308dbe19df6a0ddd245d4edc662bb4b5a39ac39655ce4fee56a178c3c62264.exe
Size: 211KB
Sample: 240226-ha3ktsfa87
MD5: 40e71ef2c864d6f823af49e31f7a0546
SHA1: eda4efc77a286343b00c5cc77104b1e8f3231d54
SHA256: 76308dbe19df6a0ddd245d4edc662bb4b5a39ac39655ce4fee56a178c3c62264
SHA512: f6250cfd2c0bf205a30ba7455aadb417c186db46e5500d0d1a07323a961db679c33fecaf3de39045b94dbc46631334e96e4a1d96191ccabdd6991af191c29faa
SSDEEP: 1536:Zz3oWfapW9kmei4/8F91LVTexAZAmP9AAn7jkHbStIBRebeBG58A+CkDm8AWsKHw:9ZCpW93VTL6IFBahX586k
Static task: static1
Behavioral task: behavioral1
  Sample: 0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219_76308dbe19df6a0ddd245d4edc662bb4b5a.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219_76308dbe19df6a0ddd245d4edc662bb4b5a.exe
  Resource: win10v2004-20240221-en
Malware Config
Extracted family: guloader
Extracted URL: https://drive.google.com/uc?export=download&id=1P9WbHExzGZLrIS4o6Wry38Lr7jT-a0R6
Targets
Target: 0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219_76308dbe19df6a0ddd245d4edc662bb4b5a39ac39655ce4fee56a178c3c62264.exe
Score: 10/10
Signatures:
- Guloader payload
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext