MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c81361ad441943211d5840ed75d4decec4b8b286fc6176f9a8cfc67f631e694. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	0c81361ad441943211d5840ed75d4decec4b8b286fc6176f9a8cfc67f631e694
SHA3-384 hash:	1fe998575f0aa18d3a940fe29271f4adba54cc64400963f53d9fd27fa16231fda15cde57ff52ab4ca37b0c3f581aa55d
SHA1 hash:	f826119285bce668608fb48a347a19cab33a7cb5
MD5 hash:	b316ffa1e06549e0b4dbf16d774d4ae5
humanhash:	montana-ink-stream-east
File name:	#OSWL6 (BPS).exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	106'496 bytes
First seen:	2021-07-08 13:44:35 UTC
Last seen:	2021-07-08 14:50:26 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f6e083d868a135a07d80f02d2a01fccd (4 x GuLoader)
ssdeep	1536:/QoLPbwRlu/0ArN1YE/1B4F2aXNh5xZPkWXuOmn:IiwPuMArkE/1Kw0PxZ5XuR
Threatray	5'536 similar samples on MalwareBazaar
TLSH	T1BFA33913F7C0CCA9ECC54635197AC5A81673BC353C934E5B73863A6DBC386122ABA612
Reporter	Anonymous
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

177

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

#OSWL6 (BPS).exe

Verdict:

No threats detected

Analysis date:

2021-07-08 13:59:10 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9a7ef4c3-b1e7-4d1d-b25b-93f68057ccd2

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/170454/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.10072.4897.UNOFFICIAL

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4fc201b3-5975-40fd-889f-90f0f623886c

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/813508

Signature

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found potential dummy code loops (likely to delay analysis)

Hides threads from debuggers

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Writes to foreign memory regions

Behaviour

Behavior Graph:

Download SVG

Detection:

guloader

Link:

https://mwdb.cert.pl/sample/0c81361ad441943211d5840ed75d4decec4b8b286fc6176f9a8cfc67f631e694/

Threat name:

Win32.Trojan.Mucc

Status:

Malicious

First seen:

2021-07-08 13:45:06 UTC

AV detection:

10 of 29 (34.48%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bsatmgwuigkdeeovqqhnoxkn5twexczin7dbo342rt6gp5rr42ka._file

Verdict:

malicious

Label(s):

cloudeye

GuLoader

0c724e4704276e151507e1379011952245432e05f09bf3945254baf80e04eedb

GuLoader

1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094

GuLoader

26f2158d9837aa986e3d69b6cb3df0ea039d0434cd504c2911ad9788bbbf7715

GuLoader

35787807345e104b2fc93883c3d54925d876b4c6a03153110acd9cf86f655459

GuLoader

446ffbe53145c93ac0d5f2201a7602846d272fd772936583125b0bd0d331d04a

GuLoader

4ef5d20300b62654c4816aa089e9acf5fad299d6e13b12a7b6036e9ba9a6a7f2

GuLoader

64ed853709b8b3070163500aa33f199d3cacff5fafba4c895a9c9f85a664da40

GuLoader

9435308eb1024c0e11753dc2412b9243af69d7388817e3aebc59a4a58f2ec372

GuLoader

baac016255a128a1209211bba2a47979f3392f12c41d5805469f899eba6de47b

GuLoader

+ 5'526 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210708-ez7mlgkhme/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Malware Config

C2 Extraction:

https://onedrive.live.com/download?cid=D2A609584332B259&resid=D2A609584332B259%211958&authkey=AGR4WwGmoAvW9JY

Unpacked files

SH256 hash:

0c81361ad441943211d5840ed75d4decec4b8b286fc6176f9a8cfc67f631e694

MD5 hash:

b316ffa1e06549e0b4dbf16d774d4ae5

SHA1 hash:

f826119285bce668608fb48a347a19cab33a7cb5

Link:

https://www.unpac.me/results/93006af0-de64-49be-99cd-e55bc15b8ae0/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/0c81361ad441943211d5840ed75d4decec4b8b286fc6176f9a8cfc67f631e694

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

Cape

https://www.capesandbox.com/analysis/170454/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample