General

Target: 22102024_1637_22102024_factura.rar
Size: 517KB
Sample: 241022-t4xr8avbrc
MD5: aa95b8dce0cab17377d6bfa3fcc4fd20
SHA1: 95d25cc7e38e384c184a972485477c4b237085cb
SHA256: 28d29ff8363e71797bd687b5d42b715633e42ce76f4649c7ae68f5a229a36ac9
SHA512: 1205a97578272981eac837d62871a25bc9b8f009a7c9a4fdefd33a26a0e85f7092d7b673c9ef98657b742a92b47089b6e5eefbe9dba07bcc9436b936fe8b9d5e
SSDEEP: 12288:YjX6n3doaMyyJR272qeTx2MD4SkEc4aOSM0sjvjD9fyvyGuZm3yVL:YjX6n3doeyJUi58SkEQOH0sjX9kyGM0q
Static task: static1

Behavioral task: behavioral1
Sample: Gansa.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: Gansa.exe
Resource: win10v2004-20241007-en

Behavioral task: behavioral3
Sample: $PLUGINSDIR/System.dll
Resource: win7-20241010-en

Behavioral task: behavioral4
Sample: $PLUGINSDIR/System.dll
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: Gansa.exe
Size: 529KB
MD5: 8ef9b2c45f53d18d18a7da795d5a6a50
SHA1: 353bb94c823123080c9c06e2f05fdd2fc5dd9b77
SHA256: 8602f2a77c0f0829d49f4ad809b8edf2dc3f86d89cf067e02718edda51ef0ab0
SHA512: af3afdcbb1521088a2e8b4cb30b16cd9fa97cb1a61ea4bcf8c1ae5cf55cb6a0c66c5ce0f6b95d40d5bcc0173586a65f4186aedcf9d7c0a4e3dd6332b0676572c
SSDEEP: 12288:DMSfP91E/UwWb8FKQBmuipC4HKzvgmBQ6Ds+ZHmkHN3HiPCpfBVx:ISN1UFWgFKQXi9HKZ2eHnHpHiwV
Score: 10/10
Signatures:
  - Loads dropped DLL
  - Legitimate hosting services abused for malware hosting/C2
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: cf85183b87314359488b850f9e97a698
SHA1: 6b6c790037eec7ebea4d05590359cb4473f19aea
SHA256: 3b6a5cb2a3c091814fce297c04fb677f72732fb21615102c62a195fdc2e7dfac
SHA512: fe484b3fc89aeed3a6b71b90b90ea11a787697e56be3077154b6ddc2646850f6c38589ed422ff792e391638a80a778d33f22e891e76b5d65896c6fb4696a2c3b
SSDEEP: 96:3IsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9oug:YVL7ikJb76BQUoUm+RnyXVYO2RvHoug
Score: 3/10