General
-
Target
Kompagnonernes.exe
-
Size
542KB
-
Sample
240522-xnq7aach4x
-
MD5
6b70b3711d067ff306ef0b6880aa9b75
-
SHA1
3e6adcc2187d08da0e22cb8442bf432d4543dbcb
-
SHA256
7f83f1ace73c0eb3543fd3e15924ecfc69d174e0ad30298b917b74e65a605eb2
-
SHA512
91d01e9792613c96037df699f65f508478c151cf47b71461f71d22fcb9df294b49c28085a5479270b0a592747a9af335e132615fbf997ae61e245e2ec381bc04
-
SSDEEP
12288:AKdIoOp22GL4aC98Xxt9zdzJJmnIprf+r:AKdIlpspWoT3zmI7K
Malware Config
Targets
-
-
Target
Kompagnonernes.exe
-
Size
542KB
-
MD5
6b70b3711d067ff306ef0b6880aa9b75
-
SHA1
3e6adcc2187d08da0e22cb8442bf432d4543dbcb
-
SHA256
7f83f1ace73c0eb3543fd3e15924ecfc69d174e0ad30298b917b74e65a605eb2
-
SHA512
91d01e9792613c96037df699f65f508478c151cf47b71461f71d22fcb9df294b49c28085a5479270b0a592747a9af335e132615fbf997ae61e245e2ec381bc04
-
SSDEEP
12288:AKdIoOp22GL4aC98Xxt9zdzJJmnIprf+r:AKdIlpspWoT3zmI7K
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
12b140583e3273ee1f65016becea58c4
-
SHA1
92df24d11797fefd2e1f8d29be9dfd67c56c1ada
-
SHA256
014f1dfeb842cf7265a3644bc6903c592abe9049bfc7396829172d3d72c4d042
-
SHA512
49ffdfa1941361430b6acb3555fd3aa05e4120f28cbdf7ceaa2af5937d0b8cccd84471cf63f06f97cf203b4aa20f226bdad082e9421b8e6b62ab6e1e9fc1e68a
-
SSDEEP
192:gFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/nC93:E7pJp48F2exrg5F/C
Score3/10 -