Errors
Reason
config extraction: GuloaderBin: guloader: invalid shellcode
General
-
Target
2f328ee456791489f276ad74fcf76247a6406f59dcf65bcf16e10c73a2e4199c
-
Size
300.2MB
-
MD5
2b0309d8bb41e5554dc25fdd59912624
-
SHA1
312191da0aca48b838b40388eb5f08dc9bc757f8
-
SHA256
2f328ee456791489f276ad74fcf76247a6406f59dcf65bcf16e10c73a2e4199c
-
SHA512
ebd3de070b88880601440dc03d4ac7c7a872e12354c3b09de3af33f482dcbd861870c91603fa1c54ac8715aa2fe62203aa56267eb45eb3b19cc3148960760429
-
SSDEEP
6291456:lt8+e551y+D4aWu18wSJbC5SVx2oIEIGkDUV:yD4av1/YyPrTGDV
Malware Config
Signatures
-
888rat family
-
Agenttesla family
-
Android 888 RAT payload 1 IoCs
resource yara_rule sample family_888rat -
Android SMSeye payload 1 IoCs
resource yara_rule sample family_smseye -
Growtopia family
-
Smseye family
-
XMRig Miner payload 1 IoCs
resource yara_rule sample xmrig -
Xmrig family
-
XorDDoS payload 1 IoCs
resource yara_rule sample family_xorddos -
Xorddos family
-
resource yara_rule sample detect_ak_stuff -
Patched UPX-packed file 1 IoCs
Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
resource yara_rule sample patched_upx -
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource yara_rule sample agile_net
Files
-
2f328ee456791489f276ad74fcf76247a6406f59dcf65bcf16e10c73a2e4199c