MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02181bd8a2feeaa9fbed05a366600e7edb06332b9ef2597568edd4076b6c35e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	02181bd8a2feeaa9fbed05a366600e7edb06332b9ef2597568edd4076b6c35e4
SHA3-384 hash:	5561979d3d5f0a4e6b4227b0ccfc5f18e89e2ace336be112c89b125e84be6f2bfc764721dd2f28cd5256aa49ee2c2255
SHA1 hash:	89bbdf33994e07f3101c77d757a8a8ee85b82f9a
MD5 hash:	5c6b13933bed7533a037b4effa7f23c8
humanhash:	single-single-maryland-magnesium
File name:	FACTURA.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	139'264 bytes
First seen:	2021-10-08 11:28:01 UTC
Last seen:	2021-10-08 13:18:21 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	d0ac0bdf3a5152bcac064d77eed21690 (9 x GuLoader, 1 x Gozi)
ssdeep	3072:tPULlD5ZhdIrq12wHE/aFgVAaS2yhd8l9YTHyTLxzh/jrVB:tPULlD5ZhqrebHESFg6aSYBLrVB
Threatray	764 similar samples on MalwareBazaar
TLSH	T1C6D305D5B68D8536D402E07E6F3FD457AB1D3C330A407A83728E6B86E7721DA29B5342
File icon (PE):
dhash icon	00e0d282d2d200c2 (9 x GuLoader, 1 x Gozi)
Reporter	malwarelabnet
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

178

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

FACTURA.exe

Verdict:

No threats detected

Analysis date:

2021-10-08 11:38:42 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9aab9ada-5ced-45f6-972e-60f41be18897

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/196115/

Detection(s):

SecuriteInfo.com.Variant.Jaik.48350.7701.6949.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/61602b4698a6280f39347606/reports/cebbd8eb-1ff4-48f9-8c9b-f536ff3ed11d/overview

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/867018

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

Found potential dummy code loops (likely to delay analysis)

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/02181bd8a2feeaa9fbed05a366600e7edb06332b9ef2597568edd4076b6c35e4/

Threat name:

Win32.Trojan.Mucc

Status:

Malicious

First seen:

2021-10-08 00:15:10 UTC

AV detection:

21 of 45 (46.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=aimbxwfc73vkt67nawrwmyaop3nqmmzlt3zfs5li5xkao23mgxsa._file

Verdict:

malicious

Label(s):

cloudeye

Similar samples:

1bff56f04d07e60d4e7b628c6942a9b1476c4d9ad5c20cc97d8330b7cb7fa864

5beaf925ba1c27967e8d8235e53c98cf22a8ad6749cb42e7e7e2222f9e9e40d2

8bd2088df673c9e9ee6227a521bcadce468a7e9e0b6a7f6a462c20fc19a3d4bd

9c81bbf1bc2ab2eaac0c64e9b2477fc275fcbcec4f9e93664f7f754a6a73f11b

a73af68af80e885c118c828cc782e158a28ad61a2229f737288222a877c51291

b54efef8396314c1f95d540ce7d0ca79f9c8c98e431c6dd177ecf037167957de

b7949bfaf6abe4941e0e398499e8e4b020cdc6208d9fe40bcff9a02ed9367eff

e29eaf2eb064b7413755e438997bd51160816249665ba44aab2ed9b276dbfd39

fa9e12a03b909482d5bacd2d7ab1a8d672528bfcf43402c04b6d3a30702b0c4d

+ 754 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/211008-nk1f4seahl/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

02181bd8a2feeaa9fbed05a366600e7edb06332b9ef2597568edd4076b6c35e4

MD5 hash:

5c6b13933bed7533a037b4effa7f23c8

SHA1 hash:

89bbdf33994e07f3101c77d757a8a8ee85b82f9a

Link:

https://www.unpac.me/results/9c6bcc37-3573-4673-ae35-bb46cb4c6e57/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/02181bd8a2feeaa9fbed05a366600e7edb06332b9ef2597568edd4076b6c35e4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/196115/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample