General
Target: 1f29944c7410239305587dc44c89c9959d5e8da9ef878200eccd4dd71884b9ae.exe
Size: 84KB
Sample: 240530-1wy4msah9s
MD5: 71239d39b96b5cdc10d1ff98af0f07d0
SHA1: b89353b7d545270833a56f81f26724510ed5471b
SHA256: 1f29944c7410239305587dc44c89c9959d5e8da9ef878200eccd4dd71884b9ae
SHA512: 646370e996d05d759f933ff7839d46a115a9fe236fa897c7af555400085a96289cb120e7224bb0302f70dd1cb0a84c4ac7ecbdfa25760b3e9c42712cfc6663a5
SSDEEP: 1536:V8ysFY6TjMuToZPp0goKKHmGvPQJRWhRDQ/R:7xuQu4n4wJRWi
Static task: static1
Behavioral task: behavioral1
Sample: 1f29944c7410239305587dc44c89c9959d5e8da9ef878200eccd4dd71884b9ae.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 1f29944c7410239305587dc44c89c9959d5e8da9ef878200eccd4dd71884b9ae.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
guloader
https://onedrive.live.com/download?cid=10C44A5247ACCFDE&resid=10C44A5247ACCFDE%21149&authkey=AKZCgadhv8s_S8Y
Targets
Target
1f29944c7410239305587dc44c89c9959d5e8da9ef878200eccd4dd71884b9ae.exe
Score: 10/10
Guloader payload
Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
Suspicious use of NtSetInformationThreadHideFromDebugger