General
Target: 29102024_1556_29102024_Doc.rar
Size: 748KB
Sample: 241029-tg7nxaxpfj
MD5: fca4559f3c04e7b6cf641836214388d9
SHA1: 9519e4a7a0d7f812409aca433a1883f1e90fd909
SHA256: 154b351316b313b40bb9a95675e069b13472e30b8aa96f02c2dbf16cb0ca099c
SHA512: 468917229c187acec65e7fc2a145a8eea0a9ab60c1b91afa041307c1dfa635aa5bfe49e0acae591c224642d0b2cb5ad8213e72945e5f84967bd43811b37dd125
SSDEEP: 12288:iE1fzp719Y+2u4RwAoF8EaJGKJBP3d8SbQWp0lHdZeawLcVDJN6xNl3mNwmTw+Ke:ztDY8a9DJRJBP3dFQWadZpwL4N67laww
Static task: static1
Behavioral task: behavioral1 (Sample: Forreste.exe, Resource: win7-20241010-en)
Behavioral task: behavioral2 (Sample: Forreste.exe, Resource: win10v2004-20241007-en)
Behavioral task: behavioral3 (Sample: $PLUGINSDIR/System.dll, Resource: win7-20241010-en)
Behavioral task: behavioral4 (Sample: $PLUGINSDIR/System.dll, Resource: win10v2004-20241007-en)
Malware Config
Targets

Target: Forreste.exe
Size: 895KB
MD5: b6bcb5405a50ef97d57ae2b43ad5d01e
SHA1: 2c8288be420bdb1b53438f07cbcdec259f47bd0d
SHA256: 0c3b34493099cbbfbf51b25a4befe93e8d1b92008884500f91c66e2bd00dee1f
SHA512: 1a0eeea2ce4608fc4e0ae67b94f6c137de873b5c0da735c22a2e295dd9577aa1f6ba85ecd0193d771289d417a1d9cc758ea5cf8284cf3f2e3272571414cc9391
SSDEEP: 24576:5x+rg0PyXjILtPkoAzuyn/pBF62HnQIQMOKOaeKg:5x+s0PyXjIxPkFzucp22HTzOKOwg
Score: 10/10
Signatures:
Guloader family
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: c9473cb90d79a374b2ba6040ca16e45c
SHA1: ab95b54f12796dce57210d65f05124a6ed81234a
SHA256: b80a5cba69d1853ed5979b0ca0352437bf368a5cfb86cb4528edadd410e11352
SHA512: eafe7d5894622bc21f663bca4dd594392ee0f5b29270b6b56b0187093d6a3a103545464ff6398ad32d2cf15dab79b1f133218ba9ba337ddc01330b5ada804d7b
SSDEEP: 192:cPtkumJX7zBE2kGwfy9S9VkPsFQ1MZ1c:N7O2k5q9wA1MZa
Score: 3/10