427b3e1b0a170cfcea6b28d464a1c2f2d0238bd22e7ae2d1c118a4cdf9837d58 | Triage

Sharing

General

Target

Gunluk.exe
Size

39.6MB
Sample

240327-y9n5gsbd92
MD5

74385d396a3aaca4c9bac519888db216
SHA1

1f5a39fa71faaf2910972f11becb536572d51f70
SHA256

427b3e1b0a170cfcea6b28d464a1c2f2d0238bd22e7ae2d1c118a4cdf9837d58
SHA512

bf7f9fa43f34a9e80024d2affff4be8c1c91089bd831283d98dfaf0a1305ddfd2753dae4a8f0cfb4b1e91d2a7eabca1b2fc0a54d1416d6d9e2b5b908e4285293
SSDEEP

786432:i0ar7SICcEO9A70p8aJ5xZi8XRQfeeoV2wxlhfganBkt:Ba3e570BJ5xQieoHxlhfHnC

Score

6^/10

Malware Config

Targets

- Target
  
  Gunluk.exe
- Size
  
  39.6MB
- MD5
  
  74385d396a3aaca4c9bac519888db216
- SHA1
  
  1f5a39fa71faaf2910972f11becb536572d51f70
- SHA256
  
  427b3e1b0a170cfcea6b28d464a1c2f2d0238bd22e7ae2d1c118a4cdf9837d58
- SHA512
  
  bf7f9fa43f34a9e80024d2affff4be8c1c91089bd831283d98dfaf0a1305ddfd2753dae4a8f0cfb4b1e91d2a7eabca1b2fc0a54d1416d6d9e2b5b908e4285293
- SSDEEP
  
  786432:i0ar7SICcEO9A70p8aJ5xZi8XRQfeeoV2wxlhfganBkt:Ba3e570BJ5xQieoHxlhfHnC
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2