General

  • Target

    c1eda502f93cfb27ab359369039c72a08e91a6574759affd3a997f261dc7f21c.zip

  • Size

    54KB

  • Sample

    250327-f8tpgazmy6

  • MD5

    69d75d32e0e9478755537bbe66eec266

  • SHA1

    62bb06f5e34978a7e28b764715bbadee1229bf42

  • SHA256

    c1eda502f93cfb27ab359369039c72a08e91a6574759affd3a997f261dc7f21c

  • SHA512

    406fad890511e0f5ec27a1d63327d0533974d6d785b89c882d23ec289e5d64a9c61801f04b77da420f35397a978afec8de4bfc1eeada555db11441774e550a61

  • SSDEEP

    1536:qMLVTQ+wRB8lBjH4PId9e0A/0axz1/rP01rhb2KfbfdZJ:qM53IS7YQDo/0uBrP62MbXJ

Malware Config

Extracted

Family

guloader

C2

http://kiencuonghotel.vn/3month_RwHwwlGA208.bin
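The hashes and C2 URL above are the indicators a responder actually consumes from this report. The following Python is an added example (not part of the sandbox report or the GuLoader sample) that turns them into checks: it hashes a file with every algorithm the report lists and says which ones match, splits the C2 URL into the host and path a proxy or DNS blocklist keys on, and scans proxy log lines for the C2 host. The log lines are constructed for the example, not captured traffic.

```python
import hashlib
from urllib.parse import urlparse

# Indicators copied verbatim from the report: hashes of the submitted archive
# and of the dropped REVISED ORDER.exe, plus the extracted GuLoader C2 URL.
REPORT_HASHES = {
    "md5": {"69d75d32e0e9478755537bbe66eec266",
            "5f5a1aaf1ee00e8b0b0b6a62713053a2"},
    "sha1": {"62bb06f5e34978a7e28b764715bbadee1229bf42",
             "0caccf489130536d51fa8b210b170434d8b4e388"},
    "sha256": {"c1eda502f93cfb27ab359369039c72a08e91a6574759affd3a997f261dc7f21c",
               "7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb"},
}
C2_URL = "http://kiencuonghotel.vn/3month_RwHwwlGA208.bin"

# Constructed proxy log lines for this example; not real traffic.
SAMPLE_PROXY_LOG = [
    "2025-03-27 10:01:02 10.0.0.5 GET http://kiencuonghotel.vn/3month_RwHwwlGA208.bin 200 221184",
    "2025-03-27 10:01:03 10.0.0.5 GET https://www.microsoft.com/ 200 4096",
    "2025-03-27 10:04:10 10.0.0.9 GET http://KIENCUONGHOTEL.VN/other.bin 404 0",
]


def hash_bytes(data: bytes) -> dict[str, str]:
    """Digest a file's contents with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matched_hash_algorithms(data: bytes) -> list[str]:
    """Algorithms under which `data` equals one of the report's hashes.

    An empty list means the file is not one of the two artifacts above.
    All listed algorithms are compared so a typo in one column of a report
    does not silently turn a true positive into a miss.
    """
    digests = hash_bytes(data)
    return [alg for alg, known in REPORT_HASHES.items() if digests[alg] in known]


def c2_indicators(url: str = C2_URL) -> dict[str, str]:
    """Split the C2 URL into the pieces blocklists key on: host, path, full URL."""
    parts = urlparse(url)
    return {"host": parts.hostname.lower(), "path": parts.path, "url": url}


def find_c2_hits(log_lines: list[str], url: str = C2_URL) -> list[str]:
    """Return log lines that reference the C2 host.

    Matching on the host rather than the full URL means a renamed payload
    served from the same host is still caught; hostnames are case-insensitive,
    so the comparison is done in lower case.
    """
    host = c2_indicators(url)["host"]
    return [line for line in log_lines if host in line.lower()]


if __name__ == "__main__":
    print(c2_indicators())
    for hit in find_c2_hits(SAMPLE_PROXY_LOG):
        print("C2 hit:", hit)
```

Run it against the real archive with `matched_hash_algorithms(open(path, "rb").read())`; the SHA512 is computed as well so it can be compared by eye with the report's value.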

Targets

    • Target

      REVISED ORDER.exe

    • Size

      216KB

    • MD5

      5f5a1aaf1ee00e8b0b0b6a62713053a2

    • SHA1

      0caccf489130536d51fa8b210b170434d8b4e388

    • SHA256

      7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb

    • SHA512

      6f3138f02db278e4390d3b37bc1c84acb3d92052c290ffc2c732052fa273255f0de4e3b93b4c4f9cf48a7e95bb9a1d37adb2aa6ab6cca4467f36069d3b6086ab

    • SSDEEP

      1536:SKP5h81dkoxFBD8OXZ4zpS8JhHnF9YdGKyj2u2sOqCKjMbx3xxAOBT:5P5uDgOeFJJJItyStqybLKOBT

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent state file

      Checks the state file used by the QEMU guest agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
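The three behavioural signatures above are what a sandbox raises from the sample's API trace: a file probe for the QEMU guest agent's state file, NtSetInformationThread called with ThreadHideFromDebugger (THREADINFOCLASS value 0x11), and SetThreadContext against a thread the caller wants to redirect. The following Python is an added example, not the sandbox's own rule code, showing how such rules can be expressed and evaluated over a trace. The trace is constructed for the example; the qemu-ga state file path and the rule that only SetThreadContext on a thread of another process is suspicious are assumptions made for illustration.

```python
from dataclasses import dataclass

# THREADINFOCLASS::ThreadHideFromDebugger. Setting it detaches the thread from
# the debugger's exception delivery, so its use is a classic anti-debug marker.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Assumption: substrings of the default Windows qemu-ga state file location
# (e.g. C:\ProgramData\qemu-ga\qga.state). Either marker is enough to fire.
QEMU_GA_STATE_MARKERS = ("qemu-ga", "qga.state")

FILE_APIS = {"NtCreateFile", "NtOpenFile", "GetFileAttributesW", "CreateFileW"}
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread"}


@dataclass
class Event:
    """One API call from a (constructed) sandbox trace."""
    api: str
    args: dict
    pid: int  # process that made the call


def sig_hide_from_debugger(ev: Event) -> bool:
    return (ev.api == "NtSetInformationThread"
            and ev.args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER)


def sig_qemu_agent_state(ev: Event) -> bool:
    path = str(ev.args.get("path", "")).lower().replace("/", "\\")
    return ev.api in FILE_APIS and any(m in path for m in QEMU_GA_STATE_MARKERS)


def sig_set_thread_context(ev: Event) -> bool:
    # Assumption for this example: touching a thread context inside another
    # process is the suspicious case (redirecting a hollowed/injected thread);
    # a thread's own context is left alone to keep noise down.
    return ev.api in CONTEXT_APIS and ev.args.get("target_pid") != ev.pid


SIGNATURES = {
    "Checks QEMU agent state file": sig_qemu_agent_state,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": sig_hide_from_debugger,
    "Suspicious use of SetThreadContext": sig_set_thread_context,
}


def evaluate(events: list[Event]) -> dict[str, list[int]]:
    """Map each signature name to the indices of the trace events that fired it.
    Signatures with no hits are omitted, mirroring how a report lists only
    what matched."""
    hits: dict[str, list[int]] = {}
    for idx, ev in enumerate(events):
        for name, rule in SIGNATURES.items():
            if rule(ev):
                hits.setdefault(name, []).append(idx)
    return hits


# Constructed trace for this example; not output from a real sandbox run.
SAMPLE_TRACE = [
    Event("NtCreateFile", {"path": r"C:\Users\Public\REVISED ORDER.exe"}, pid=1234),
    Event("GetFileAttributesW", {"path": r"C:\ProgramData\qemu-ga\qga.state"}, pid=1234),
    Event("NtSetInformationThread", {"ThreadInformationClass": 0x11}, pid=1234),
    Event("NtSetInformationThread", {"ThreadInformationClass": 0x02}, pid=1234),  # ThreadPriority
    Event("SetThreadContext", {"target_pid": 1234}, pid=1234),  # own thread
    Event("SetThreadContext", {"target_pid": 5678}, pid=1234),  # thread in another process
]

if __name__ == "__main__":
    for name, idxs in evaluate(SAMPLE_TRACE).items():
        print(f"{name}: events {idxs}")
```

The benign-looking file open, the ThreadPriority call and the SetThreadContext on the caller's own thread do not fire, which is the point of keeping each rule narrow: a hit list is only useful to an analyst if the ordinary calls around the suspicious ones stay quiet.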

MITRE ATT&CK Enterprise v15
