MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d6331c8cf26f9acc508301a955dc0ff69034b240b751553eb4f155a3be322aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0d6331c8cf26f9acc508301a955dc0ff69034b240b751553eb4f155a3be322aa
SHA3-384 hash: d069cad5326e5415743a81c6bded640f42652abf91c92ef68702a4d40770f463ba273b1db4b1ff3d21c1a712405763f1
SHA1 hash: 0f2a8c01f66cd077267ea4ef8cf3a02decb37002
MD5 hash: 16da2b1c3ad40699bdeab6218db98e1b
humanhash: comet-bacon-eleven-robin
File name:SOLICITUD DE COTIZACIÓN 01-03-2022·pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:469'928 bytes
First seen:2022-03-03 06:44:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 56a78d55f3f7af51443e58e0ce2fb5f6 (728 x GuLoader, 452 x Formbook, 295 x Loki)
ssdeep 12288:DbDAMwnmDd33cpDTr0T6d+IsBUyrABA7w1Ag2s6z0LEh:DbDAMwn4dnqP7+lBUbB4w1FLif
Threatray 9'678 similar samples on MalwareBazaar
TLSH T118A412189741C42BDE898A36ECB292F5B739BD50DD108F0F27607E1D7EB52E3AA1C158
File icon (PE):PE icon
dhash icon 10c660f0dcf039c2 (1 x Loki, 1 x GuLoader)
Reporter lowmal3
Tags:exe GuLoader signed

Code Signing Certificate

Organisation:BLACKLISTED
Issuer:BLACKLISTED
Algorithm:sha256WithRSAEncryption
Valid from:2022-03-01T14:49:52Z
Valid to:2023-03-01T14:49:52Z
Serial number: 00
Intelligence: 325 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Graveyard Blocklist:This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm:SHA256
Thumbprint: 542e344737e3057bfdb0c6a787dd4e1c3c0bba7bd44c0f34690abe85b11e5f5c
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
283
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/246689/
Detection(s):
PUA.Win.Packer.Upx-4
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Creating a file
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/7964/overview
Behaviour
MalwareBazaar
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/89e698c8-4af0-43a2-a662-b613198832c7
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/949701
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0d6331c8cf26f9acc508301a955dc0ff69034b240b751553eb4f155a3be322aa/
Threat name:
Win32.Downloader.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2022-03-02 02:23:13 UTC
File Type:
PE (Exe)
Extracted files:
37
AV detection:
16 of 27 (59.26%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bvrtdsgpe342zriiganjkxoa75uqgszebn2rku7lj4kvuo7dekva._file
Verdict:
malicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
00b74733bcfeb9fbe6351f62fad0c9c2653ea90989461912d120f89472a262f1
GuLoader
35f9dd17bfe8b62676bead6a48638b65fd2372b9699cd7572b58e12192143849
GuLoader
4db943d3621a557370a3585cd61db3f9835c65f350a2284c9d5f3024adb0ff07
GuLoader
7afa7c7724abb034d3155e1e1fc1fd3f9961e56fd6119428d975d8aaee3070f9
GuLoader
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
GuLoader
ab2261ddf24d2524a3ffe99044fac988f6178be9bc78d28cd5db289c414c3a4f
GuLoader
c565ce12f63b1cb897156e0234907a49517439247747cc7df5b69952c1e7ce43
GuLoader
c6e5156c311412210237810450648947699d1c4862536a4e86b778e899627292
GuLoader
+ 9'668 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/220303-hh37bshed9/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Checks QEMU agent file
Loads dropped DLL
Guloader,Cloudeye
Unpacked files
SH256 hash:
0d6331c8cf26f9acc508301a955dc0ff69034b240b751553eb4f155a3be322aa
MD5 hash:
16da2b1c3ad40699bdeab6218db98e1b
SHA1 hash:
0f2a8c01f66cd077267ea4ef8cf3a02decb37002
Link:
https://www.unpac.me/results/33dc9a8c-bb30-4b10-bd39-22e9459948f1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.33
Link:
https://yomi.yoroi.company/submissions/0d6331c8cf26f9acc508301a955dc0ff69034b240b751553eb4f155a3be322aa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 0d6331c8cf26f9acc508301a955dc0ff69034b240b751553eb4f155a3be322aa

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/246689/

Comments