Overview

overview

10

Static

static

3

Hemoid.exe

windows7-x64

10

Hemoid.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Hemoid.exe

  • Size

    903KB

  • Sample

    241030-w3yn8szqfl

  • MD5

    86775a764aea392246a92799be91dd13

  • SHA1

    df06f5d609bfe3861567f2b32769f32ddae17341

  • SHA256

    e8b00d362280ad03511b44e1e16b92bff4468547a2cd2b5231962653f18be194

  • SHA512

    5caea228fc466f9780a73df8755c8beb2ee1809df74bb6d40a6dec78428f1620491f556fa50236d2126688600205bb1d2e9b1b6a665f594ce54f705ba7d28cbb

  • SSDEEP

    12288:7/x+rNj8OdRDQOjJ+bLJxoATfDx209q7s62W++uMBIVm7MIBXBKGzaeKBemnZ6:bx+rddRkiyoAzD5wY62HnQIQMOKOaeKE

Score
10/10
guloaderdiscoverydownloader

Malware Config

Targets

    • Target

      Hemoid.exe

    • Size

      903KB

    • MD5

      86775a764aea392246a92799be91dd13

    • SHA1

      df06f5d609bfe3861567f2b32769f32ddae17341

    • SHA256

      e8b00d362280ad03511b44e1e16b92bff4468547a2cd2b5231962653f18be194

    • SHA512

      5caea228fc466f9780a73df8755c8beb2ee1809df74bb6d40a6dec78428f1620491f556fa50236d2126688600205bb1d2e9b1b6a665f594ce54f705ba7d28cbb

    • SSDEEP

      12288:7/x+rNj8OdRDQOjJ+bLJxoATfDx209q7s62W++uMBIVm7MIBXBKGzaeKBemnZ6:bx+rddRkiyoAzD5wY62HnQIQMOKOaeKE

    Score
    10/10
    guloaderdiscoverydownloader

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks