General
Target: 0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219.exe
Size: 192KB
Sample: 240226-he6s2sff8w
MD5: 963bfbe055df7055ca9ad2517aba9d47
SHA1: ef25abba278a72f686f8d7cfc4dfe9296d524c93
SHA256: 0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219
SHA512: 315b2f6aa99a662261492754fd1f31dec7864d51bc624cd4bc8a13bc8828150f10fd210436d7a1f47006dc06b8256f74c1ef0d7f855bda3a85406a9d4e482929
SSDEEP: 1536:Zz3oWfapW9kmei4/8F91LVTexAZAmP9AAn7jkHbStIBRebeBG58A+CkDm8AWsKHj:9ZCpW93VTL6IFBahX586
Static task: static1
Behavioral task: behavioral1
  Sample: 0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219.exe
  Resource: win10v2004-20240221-en
Malware Config
Extracted: guloader
https://drive.google.com/uc?export=download&id=1P9WbHExzGZLrIS4o6Wry38Lr7jT-a0R6
Targets
Target: 0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219.exe
Size: 192KB
MD5: 963bfbe055df7055ca9ad2517aba9d47
SHA1: ef25abba278a72f686f8d7cfc4dfe9296d524c93
SHA256: 0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219
SHA512: 315b2f6aa99a662261492754fd1f31dec7864d51bc624cd4bc8a13bc8828150f10fd210436d7a1f47006dc06b8256f74c1ef0d7f855bda3a85406a9d4e482929
SSDEEP: 1536:Zz3oWfapW9kmei4/8F91LVTexAZAmP9AAn7jkHbStIBRebeBG58A+CkDm8AWsKHj:9ZCpW93VTL6IFBahX586
Score: 10/10
- Guloader payload
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext