MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a07e270c189e9059526fc2570c7e4039f1140115e2f8544bba2b6f5923ac2ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a07e270c189e9059526fc2570c7e4039f1140115e2f8544bba2b6f5923ac2ce
SHA3-384 hash: 9a6a66324f5e5503b4eb6214db3ff41f07235bebab9f10aba5ee603a393edcf4d55eb0b8e453b33727a0c559f9ab8ead
SHA1 hash: d2db0de380be7f53dfc8c47c9d67efc6978a2104
MD5 hash: 3bc3ab41cc7c7d2d30fd785e897beb84
humanhash: hawaii-edward-kansas-zebra
File name:SecuriteInfo.com.Trojan.KillProc2.11384.22300.6845
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-08-20 11:29:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c8149470224a75976a8a826a88225a14 (13 x GuLoader, 1 x FormBook, 1 x Loki)
ssdeep 768:vtcbAuGugV4REwnK8hcEQ3DY96eIm/rOP85pQIFJGscCEm0bquG:KbPvgVmKjEKk96KOkzGsQbB
Threatray 2'188 similar samples on MalwareBazaar
TLSH 6E834B06B8C896F2F25C8B755B505FF584FABCF559A2C90334C43E2A7A76A04893076F
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
264
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/49115/
Detection(s):
SecuriteInfo.com.Trojan.KillProc2.11384.22300.6845.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
DNS request
Sending a custom TCP request
Creating a file
Launching a process
Launching cmd.exe command interpreter
Setting browser functions hooks
Unauthorized injection to a system process
Unauthorized injection to a browser process
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/441337
Signature
Contains functionality to hide a thread from the debugger
Hides threads from debuggers
Tries to detect Any.run
Tries to detect virtualization through RDTSC time measurements
Yara detected Generic Dropper
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/6a07e270c189e9059526fc2570c7e4039f1140115e2f8544bba2b6f5923ac2ce/
Threat name:
Win32.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-08-19 11:13:59 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nid6e4gbrhuqlfjg7qsxbr7eaoprcqarlyxykrf3uk3pler2ylha._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
169e90fc957c42bef2af2bc472799472af795ceeb2bd945e633d5f589e7e6f56
GuLoader
506381110aba86052e5ddfa191dffe2e533c8be5cd6f7104b96ba642aa038fed
GuLoader
5c6d005bb7bd065341b432bf6a27117c76115e18ae10fd21906759d05d05f733
GuLoader
635411fb8a81c1232977130d52f6643995799475f35d4d3ecf2c0b74c307c876
GuLoader
7890ba83f1cbdd2e461231b4862c15ed80300d361715fecece651094de62bd85
GuLoader
7abf73f6d63535a3770a681960124ee32f77d0305cfb82e80da13301829d5b25
GuLoader
b3349406861e76bfb84f4757a646c3fe94eb5e1cd27abeeffa48aabb6c8fa4d5
GuLoader
b43786f175549f7d8aba0d0213181d10a01a54ab6ac8256446b8f39de6022986
GuLoader
da418cd645143899691fa8b036073aaa5320a1d6c855699494f4b9b2419fb12e
GuLoader
e65997e20f521c8eee713623c45c9600a7a05629c85d73c9dd2bdf696f43e5de
GuLoader
+ 2'178 additional samples on MalwareBazaar
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
rat trojan spyware stealer family:formbook
Link:
https://tria.ge/reports/200820-vfrxgea5j6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Formbook Payload
Formbook
Malware Config
C2 Extraction:
http://www.regulars7.info/otn/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Eldorado
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/6a07e270c189e9059526fc2570c7e4039f1140115e2f8544bba2b6f5923ac2ce

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 6a07e270c189e9059526fc2570c7e4039f1140115e2f8544bba2b6f5923ac2ce

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/49115/
  
URLhaus
https://urlhaus.abuse.ch/url/437035/
  
Delivery method
Distributed via web download

Comments