Overview

overview

10

Static

static

10

Sharing

Copy URL
Twitter E-mail

Errors

Reason
config extraction: GuloaderBin: guloader: invalid shellcode

General

  • Target

    2f328ee456791489f276ad74fcf76247a6406f59dcf65bcf16e10c73a2e4199c

  • Size

    300.2MB

  • MD5

    2b0309d8bb41e5554dc25fdd59912624

  • SHA1

    312191da0aca48b838b40388eb5f08dc9bc757f8

  • SHA256

    2f328ee456791489f276ad74fcf76247a6406f59dcf65bcf16e10c73a2e4199c

  • SHA512

    ebd3de070b88880601440dc03d4ac7c7a872e12354c3b09de3af33f482dcbd861870c91603fa1c54ac8715aa2fe62203aa56267eb45eb3b19cc3148960760429

  • SSDEEP

    6291456:lt8+e551y+D4aWu18wSJbC5SVx2oIEIGkDUV:yD4av1/YyPrTGDV

Score
10/10
agilenetmineross_ak888ratsmseyexmrigxorddosagentteslagrowtopia

Malware Config

Signatures

  • 888rat family
    888rat
  • Agenttesla family
    agenttesla
  • Android 888 RAT payload 1 IoCs
  • Android SMSeye payload 1 IoCs
  • Growtopia family
    growtopia
  • Smseye family
    smseye
  • XMRig Miner payload 1 IoCs
    miner
  • Xmrig family
    xmrig
  • XorDDoS payload 1 IoCs
  • Xorddos family
    xorddos
  • detect oss ak 1 IoCs

    oss ak information detected.

    oss_ak
  • Patched UPX-packed file 1 IoCs

    Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

Files

  • 2f328ee456791489f276ad74fcf76247a6406f59dcf65bcf16e10c73a2e4199c