MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c8b9ba8bdd9a1d91ba4d61c81480b7337e6189fb0836301d71e90fa6adec8b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c8b9ba8bdd9a1d91ba4d61c81480b7337e6189fb0836301d71e90fa6adec8b6
SHA3-384 hash: 32e9ecc1606217ba8731d66db0920f0236cd4ae97e68477e43493705da2a9705ac84b477f76fb10cf6bc9da4e58bcd72
SHA1 hash: 888f478a75ca41fceb86233083c047b0621a0d01
MD5 hash: 13d2947bf6c6870f9ad0bef3f7dcc43f
humanhash: oscar-shade-april-jersey
File name:Dolmas.xlsm.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2021-07-27 21:23:56 UTC
Last seen:2021-07-27 21:42:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8d57d2d3c907346d55c5c636fc76579b (1 x GuLoader)
ssdeep 1536:01BRMipLydPifEOpWhmDDQC0Q8spPjDN9lIsapn6nQVOjoe:KHFydPilW4gCNvI1sjl
TLSH T14D936A6230B7FE61C5991130C0ABC9F66E0DAD27DE15AB23294C3FA83970692957FD1C
dhash icon ec93929292968e92 (2 x GuLoader)
Reporter GovCERT_CH
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
227
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
AWELE.xlsm.com
Verdict:
No threats detected
Analysis date:
2021-07-27 05:50:47 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3c86f643-4fdd-4f81-b286-8c24b6cced06

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/174525/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37279666.312.14111.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4dfc19dc-47cf-4ed4-ac8d-2ed618bb38c0
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/822768
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected Generic Dropper
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2021-07-22 23:15:28 UTC
AV detection:
18 of 27 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bsfzxkf53gq5sg5e2yoicsalom36mge7wcbwgaoxd2ipu2w6zc3a._file
Verdict:
suspicious
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210727-qwpb8w4zgj/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
0c8b9ba8bdd9a1d91ba4d61c81480b7337e6189fb0836301d71e90fa6adec8b6
MD5 hash:
13d2947bf6c6870f9ad0bef3f7dcc43f
SHA1 hash:
888f478a75ca41fceb86233083c047b0621a0d01
Link:
https://www.unpac.me/results/ba2f490e-15a8-45a4-a3a5-da8e9e2d8769/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/0c8b9ba8bdd9a1d91ba4d61c81480b7337e6189fb0836301d71e90fa6adec8b6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 0c8b9ba8bdd9a1d91ba4d61c81480b7337e6189fb0836301d71e90fa6adec8b6

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/174525/

Comments