General
-
Target
nPO-000172483.lzh.rar
-
Size
1.0MB
-
Sample
241030-q9csfstkg1
-
MD5
5299e468469f0296910dc0d18a6a7258
-
SHA1
5fd1fa2ca69a6dd54f7321a7d1874e0fdef23acd
-
SHA256
c24e591bfe433669d8cb9b3b3c4c989da4bf6d6cc58de373dead1859dbcbcc27
-
SHA512
bcd51ef2e05d22c6c46c9dc718030cbed6e35b8f82493d4ae4404a63f5f439baab5a6197d0565ef28b3ee065ceb7de4a64a3f293212bc0f6542be3dbd4adab59
-
SSDEEP
24576:WU3QWCcPg1ouDBC0DnxCqaJgkajEfoQE7adYDpjpq+aNG:WUAWCco13k08qaLoQELDpPsG
Static task
static1
Behavioral task
behavioral1
Sample
PO-000172483.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
PO-000172483.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241023-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
PO-000172483.exe
-
Size
1.1MB
-
MD5
038aab3a1450ed01e0635bdb5b09c39c
-
SHA1
bf02949f07662158215776acbaac683b6959320e
-
SHA256
ad1f6b68331f1d4b983df1eddfea197f4a091e648528dc28c6016524b51d58b0
-
SHA512
471c0ab744b228dd5b46c53d3dde2127834ff066bc3dde1f969c287fb22bc490f5bdc2fee13141fc91d931e9a02d2583b3c280deec85bdbdd9b1cb26f1eece82
-
SSDEEP
24576:h4nhDoAFmXsrvR1kSMEkaHnjZVhbBNF1lmZNXLGQ7WczkxFnfbP9u:h+hkbXsjQSME/1Vhb5kNXKQKczgI
Score10/10-
Guloader family
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
d6f54d2cefdf58836805796f55bfc846
-
SHA1
b980addc1a755b968dd5799179d3b4f1c2de9d2d
-
SHA256
f917aef484d1fbb4d723b2e2d3045cb6f5f664e61fbb3d5c577bd1c215de55d9
-
SHA512
ce67da936a93d46ef7e81abc8276787c82fd844c03630ba18afc3528c7e420c3228bfe82aeda083bb719f2d1314afae913362abd1e220cb364606519690d45db
-
SSDEEP
192:acA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6w79Mw:RR7SrtTv53tdtTgwF4SQbGPX36wJMw
Score3/10 -