General
-
Target
2791f889590f7e4f9ba357857f6389d23a2dd2eeac00d04aef3893f8f0effe47.exe
-
Size
354KB
-
Sample
241115-sx11mavrgs
-
MD5
20eeb332c66557d6115a6874b6716aca
-
SHA1
19628f536fb087bdd70233884bc2a77a1b6b0e22
-
SHA256
2791f889590f7e4f9ba357857f6389d23a2dd2eeac00d04aef3893f8f0effe47
-
SHA512
cee82bb4339094827ce61ef1c94260cb17d0b0ac46ec9d82b34639a9e4c9e9ca7e9ac312e7a021e574d7b3feebc94767609700308dd0cd8b72735a675ab01891
-
SSDEEP
6144:tNDlOlZOvRQmfszRZBdhOSmhhyDRXR0OjN5c/9WG3ktHhpBnyv+bx2MTxrLM37VQ:tsZOv09dhOSmCVhjg/9WG3QBPyv+9Zt1
Malware Config
Targets
-
-
Target
2791f889590f7e4f9ba357857f6389d23a2dd2eeac00d04aef3893f8f0effe47.exe
-
Size
354KB
-
MD5
20eeb332c66557d6115a6874b6716aca
-
SHA1
19628f536fb087bdd70233884bc2a77a1b6b0e22
-
SHA256
2791f889590f7e4f9ba357857f6389d23a2dd2eeac00d04aef3893f8f0effe47
-
SHA512
cee82bb4339094827ce61ef1c94260cb17d0b0ac46ec9d82b34639a9e4c9e9ca7e9ac312e7a021e574d7b3feebc94767609700308dd0cd8b72735a675ab01891
-
SSDEEP
6144:tNDlOlZOvRQmfszRZBdhOSmhhyDRXR0OjN5c/9WG3ktHhpBnyv+bx2MTxrLM37VQ:tsZOv09dhOSmCVhjg/9WG3QBPyv+9Zt1
Score10/10-
Guloader family
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-