MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 068c246a584ef5cb5bf4eed36c06be63bef42cb4a1ce606349e1289b63acf8e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 068c246a584ef5cb5bf4eed36c06be63bef42cb4a1ce606349e1289b63acf8e1
SHA3-384 hash: 64f6b36b65949bdd922412f45cc27a9d6d50c4787a0f496a68a0011124418a263cf7faf4651566eb409e5bdac8c86c1e
SHA1 hash: 50a04052d69e2b382ed37df8e29d814311f7e1c4
MD5 hash: dd1587fcec7d9c61b5b564898714ccd7
humanhash: vermont-charlie-sad-sodium
File name:URGENT INQUIRY.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2021-09-29 12:49:28 UTC
Last seen:2021-09-30 03:36:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2baf2cf5457a6cbc889a1294e9abb0e0 (3 x GuLoader, 1 x Loki)
ssdeep 1536:4cqyAJ418XIpCE+fmljKfB9CqGAaHAKIu2tNizGsotk4DL:47JGB+fmC9CqmAJCznik4
Threatray 746 similar samples on MalwareBazaar
TLSH T1DDB39D8DBA5C7ED1EC899131E917896CC2A37D46575A8F2F26B3B90F1C362C19B37006
File icon (PE):PE icon
dhash icon 1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter adrian__luca
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/193170/
Detection(s):
Win.Malware.Mucc-9897626-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/648915f8-37cb-4709-aa5a-3045f99763ef
Result
Threat name:
GuLoader Remcos
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/861411
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
C2 URLs / IPs found in malware configuration
Creates autostart registry keys with suspicious values (likely registry only malware)
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Potential malicious icon found
Sample uses process hollowing technique
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected GuLoader
Yara detected Remcos RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/068c246a584ef5cb5bf4eed36c06be63bef42cb4a1ce606349e1289b63acf8e1/
Threat name:
Win32.Trojan.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2021-09-28 19:43:01 UTC
AV detection:
26 of 45 (57.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=a2gci2syj324ww7u53jwybv6mo7pilfuuhhgay2j4eujwy5m7dqq._file
Verdict:
malicious
Similar samples:
0523c9c53027d822021a5b2bad5d216461c060396944da4bf8cd6cc1963deebb
GuLoader
434e6827ed58ffd66a28619822626816559605a4e5d7c7cfe8770d3af043527d
GuLoader
4db943d3621a557370a3585cd61db3f9835c65f350a2284c9d5f3024adb0ff07
GuLoader
72ba15b643720e9bc8de41f0a5a14b2931e7018e41bf798c8e8e5d4fd8d70c7b
GuLoader
97cb7740ec9f0643c911e147ef1365b17babef450c76257a54b65360b8a7556b
GuLoader
9c20d2a4e22acfdf30c9b3cc30e5d5988454ac2eabaedfd4cbbc3b9bb5abdf27
GuLoader
ca38bc5a74167b7931db40cb00e670773b696df8c2df0d17761b38a99d40941a
GuLoader
d9040bf8ad755cd41dc6266c0e0049f4bac0eaa23f18a26931357fe21c719701
GuLoader
+ 736 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210929-p2y52sehh7/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
068c246a584ef5cb5bf4eed36c06be63bef42cb4a1ce606349e1289b63acf8e1
MD5 hash:
dd1587fcec7d9c61b5b564898714ccd7
SHA1 hash:
50a04052d69e2b382ed37df8e29d814311f7e1c4
Link:
https://www.unpac.me/results/4fde460a-fed5-442a-95a9-33ef259bde9f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/068c246a584ef5cb5bf4eed36c06be63bef42cb4a1ce606349e1289b63acf8e1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 068c246a584ef5cb5bf4eed36c06be63bef42cb4a1ce606349e1289b63acf8e1

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/193170/

Comments