General
Target: e14e1a5eb00ccb045dcce6e9f3f377b3
Size: 7.2MB
Sample: 240327-k6cqdsha88
MD5: e14e1a5eb00ccb045dcce6e9f3f377b3
SHA1: d4e08847fd5c2fadefe095e4335a92c9c4654afe
SHA256: 5f1e0f38892fa826e9ade5fcd69cbbc899c57fd52e9907dfa74347572123f8cd
SHA512: 4bd274156a7e498ad6f2ad05c32b8926ed49f08efaccc36de66c2928078550c3dd09f86a04685d2e65fb6ac5b16ec15dfd7d14811825117e0316274e91dd9811
SSDEEP: 1536:b2ZwdtaOViJcQ7rTx8p78FbMu38pyrZS5HgtKtcmB+DTFJXuDbCn30FhwHEoNWd7:b2qt12HkICuspr+tkf8pMDwEQkwq
Static task: static1
Behavioral task: behavioral1
Sample: e14e1a5eb00ccb045dcce6e9f3f377b3.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e14e1a5eb00ccb045dcce6e9f3f377b3.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
guloader
https://drive.google.com/uc?export=download&id=1Z973IXg9O5dGqPa4plcv-WuBZ8HbRzBe
Targets
Target: e14e1a5eb00ccb045dcce6e9f3f377b3
Score: 10/10
Guloader payload
Checks QEMU agent state file
Checks state file used by QEMU agent, possibly to detect virtualization.
Suspicious use of NtSetInformationThreadHideFromDebugger