General
-
Target
ARAH%20BME%20SDN%20BHD%20INV%20STATEMENT.zip
-
Size
634KB
-
Sample
241224-ahy9dawlcy
-
MD5
c9936b02187f484ce22f89470f80cdeb
-
SHA1
8d97f4b6f142d623173ed6bbb02b27d6fdb60a7f
-
SHA256
bf64141d69992e8ea43fad5e54127333c0f0613b193c43db36035c8cffdeecde
-
SHA512
31292c430a3b495584ca52c8197e1c7d628c9f478d98eae46ea46a4d949a5ca3591492b82c8c10585d9cd6e10cb89758d83d5a17954084ab07ef9780867c5f44
-
SSDEEP
12288:eZauYlUlJ7BB+5XsWg0L1LWphIKJYg+1I//CzIrUOGlGGVqnPxniyiQLRXXm:iaJOlp+dHxL6IKZ/0yUOGlF8i+dnm
Static task
static1
Behavioral task
behavioral1
Sample
ARAH%20BME%20SDN%20BHD%20INV%20STATEMENT.zip
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
ARAH%20BME%20SDN%20BHD%20INV%20STATEMENT.zip
Resource
win10v2004-20241007-en
Malware Config
Targets
Score 10/10
-
Guloader family
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-