MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b65815d462586870177898072a1500ec014a390eb466ea0dd716567ada4109a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b65815d462586870177898072a1500ec014a390eb466ea0dd716567ada4109a
SHA3-384 hash: 89e95608304aabb96c47002f0b11e2b3c91bfa1bf5f66ca24f158f2605638a0d31b5afa3609049c162e3dbfb3b776471
SHA1 hash: 5e7e1db40c9104297c3b05b26c97a788eb92401b
MD5 hash: 0fb63e5eb6af1aff086e3c2a2321f716
humanhash: spaghetti-west-mars-crazy
File name:Statement of Account.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:135'168 bytes
First seen:2021-10-13 09:43:11 UTC
Last seen:2021-10-13 11:23:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c727a98e677fb7bd25bb06d2a2d956f1 (11 x GuLoader, 1 x Formbook)
ssdeep 1536:5sYs89TfPXmlAo30SC66Biy2bbMSekC7dY5KwchyuGWawkANvv0LLhQ4sZiDNmMN:5JXS0SC6aiyCYUKw7T3hBd
Threatray 749 similar samples on MalwareBazaar
TLSH T1D8D3A4A162B08FD9E0A78ABF13E5471035717E340912AE47F69CBE1E4E761E0D59032F
File icon (PE):PE icon
dhash icon 1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter GovCERT_CH
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
241
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Statement of Account.exe
Verdict:
No threats detected
Analysis date:
2021-10-13 09:50:17 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/01b3ffcd-5a91-468c-8839-2490ac5d3b3c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/197166/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.29475.16205.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6166aa651c2d58ba740485dc/reports/371de542-d5ff-4858-9484-eeb39c5e2e17/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f556ba8d-bf81-437a-a09c-a53cbe5fee10
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/869486
Signature
GuLoader behavior detected
Hides threads from debuggers
May check the online IP address of the machine
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0b65815d462586870177898072a1500ec014a390eb466ea0dd716567ada4109a/
Threat name:
Win32.Trojan.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2021-10-13 09:48:52 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bnsycxkgewdioalxrgahfikqb3abji4q5ndg5ig5ofswplneccna._file
Verdict:
unknown
Similar samples:
07d56641a8a93a75b1cdd3a38cabed15b08dec4205c876ed6ab99b9ca48a4cec
GuLoader
4db943d3621a557370a3585cd61db3f9835c65f350a2284c9d5f3024adb0ff07
GuLoader
54d6bf54d00aa6ce5376f705ed87bd6d85a87b1920bfb6e9f71c00a0974acca2
GuLoader
63fc38aa5b0c164782277fca75b34aa78c935f08b4e04335b4d1833b0231d1a9
GuLoader
811de8503ce4a7cc2bf23387c4841694be046c532ddee322ea8a75fbaa6d0f22
GuLoader
81be23ce8636c948e1ac5c966ee5c34f738f8dc20aa85acedbca48f92e1ff363
GuLoader
ba0751d8b1ccba23fce33d31e5f8ecf75af336cac86b5ae1d2c4306d53cd148c
GuLoader
f8abb401812eafff1ca24fbafc67d5cdb34ba384da284b55d5350a5300fb7757
GuLoader
fd268c1e214dd5e0ae8dd56403ef5001769f9fc0ac5e7491c9460a52dfd2cc89
GuLoader
+ 739 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/211013-lqhr5sdfhl/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
0b65815d462586870177898072a1500ec014a390eb466ea0dd716567ada4109a
MD5 hash:
0fb63e5eb6af1aff086e3c2a2321f716
SHA1 hash:
5e7e1db40c9104297c3b05b26c97a788eb92401b
Link:
https://www.unpac.me/results/5b317dd4-3c64-42cd-862a-35b29a21c2b2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
GuLoader
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/0b65815d462586870177898072a1500ec014a390eb466ea0dd716567ada4109a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 0b65815d462586870177898072a1500ec014a390eb466ea0dd716567ada4109a

(this sample)

  
Dropped by
guloader
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/197166/

Comments