MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04e561913818e236846b11ce9dc11e40ca04e86e55c1ec314d1aedd2435b221b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 04e561913818e236846b11ce9dc11e40ca04e86e55c1ec314d1aedd2435b221b
SHA3-384 hash: 91d628964a162b009b34adf90fed68442fbc5c87cb255cbef3db4c826ecb13d672c41c31f0c9c88f305d016ee7893370
SHA1 hash: be33fa41e1a4b0384940853bcd6740850bb5f40d
MD5 hash: b4a978e57df7c054520c36ffec9b2dee
humanhash: uncle-delta-alabama-floor
File name:SWIFT031.SCR
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2021-03-18 06:18:50 UTC
Last seen:2021-03-18 07:48:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 97871acd9c5a2bdcb6bf8a291448d3db (2 x GuLoader)
ssdeep 1536:PKIYUSozFKwvFIREc2ZGs61ETRwm4F55hRYwHDL1V2CEgYXCGZIF8t1vR9UjeWOI:P8ZozFKwvFqEc2PIc3qIOeW
Threatray 65 similar samples on MalwareBazaar
TLSH ACA3E7DFE6A94703E511BE322344D36D3F14BD243052CF536E506E3A28B9686A4BE787
Reporter cocaman
Tags:GuLoader scr SWIFT

Intelligence

File Origin
# of uploads :
2
# of downloads :
317
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SWIFT031.SCR
Verdict:
No threats detected
Analysis date:
2021-03-18 06:21:21 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a6193383-9d14-4ced-8d59-040fba5c32e9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/125370/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.31434.28824.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/644029
Signature
Contains functionality to hide a thread from the debugger
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/04e561913818e236846b11ce9dc11e40ca04e86e55c1ec314d1aedd2435b221b/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2021-03-18 01:38:23 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
11 of 47 (23.40%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=atswdejyddrdnbdlchhj3qi6idfaj2dokxa6ymkndlw5eq23einq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
65aaafb0ff30d74d71b57e4890e42f6cb9dce158b853e336971c7d1a717a07c1
GuLoader
700f698c42bd0c706c968e420ac3f60c70e4cd714318b61bb3118c564f9e2f3d
GuLoader
7d110a4f6f206b5fb49742150bdbd7ffc43b29a5b2fa32424ef32aa20c4696f8
GuLoader
97c784403f83adbd7a4b8142c3e69e9acba2898d7293063a07b58ea35dff7b39
GuLoader
a7496341a05c027a5e7adbbbed5d9633369b64f772d60f36d219ac48be774145
GuLoader
eb4582cb00844df09a71aa8f41a8f05f6775230e35f8775c7b52302dc6d0716c
GuLoader
f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b
GuLoader
fb98989e3e598841af7312f2d7eb011d9dafcd031caf39e39e7208ba37590ad5
GuLoader
+ 55 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210318-1z9xbdrncx/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
04e561913818e236846b11ce9dc11e40ca04e86e55c1ec314d1aedd2435b221b
MD5 hash:
b4a978e57df7c054520c36ffec9b2dee
SHA1 hash:
be33fa41e1a4b0384940853bcd6740850bb5f40d
Link:
https://www.unpac.me/results/2ec7e9a8-7f99-4ec2-bea1-b412d7f30be3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/04e561913818e236846b11ce9dc11e40ca04e86e55c1ec314d1aedd2435b221b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 1c72c160eaaff55dd63473b8f5d775cf11cdb67a795f4544931a37efe90c7256

GuLoader

Executable exe 04e561913818e236846b11ce9dc11e40ca04e86e55c1ec314d1aedd2435b221b

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 1c72c160eaaff55dd63473b8f5d775cf11cdb67a795f4544931a37efe90c7256
Cape
Cape
https://www.capesandbox.com/analysis/125370/

Comments