MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0dd2025611ce58620fc312ecffbc7d6d159a0ac8d65eb4f16ee9622468b0437f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0dd2025611ce58620fc312ecffbc7d6d159a0ac8d65eb4f16ee9622468b0437f
SHA3-384 hash: f9a1b3b4e94ca765dfe017d12f8537441dada7e60fd6a080855fbc76f666055eb0592c7946968ef6c0fc535a58ac68cd
SHA1 hash: 9d854957bd45501815801c2987acd85fccf706ae
MD5 hash: 09a7c9632429702bb61c6488dbc44fb6
humanhash: jupiter-idaho-magnesium-charlie
File name:SecuriteInfo.com.Gen.NN.ZevbaF.34804.gm0@aaa0NKki.17802
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2021-02-10 16:25:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 16f77598a81965428d9ddc3711e9dab5 (8 x GuLoader)
ssdeep 768:ViBXpmypYbrfbxeQKXmF5slfRMZCtIyGmqGSU/v+zDzHO0UTOQTiu4QFCVS9TJNk:kTYNeQKMkoCQGSU/sHOYT6CI9TMWipT
Threatray 4'839 similar samples on MalwareBazaar
TLSH 97B3C523B7B3EA97DE05D4B10E1592A9818AFF74C9D94903F3F12F1D2A759C24E20396
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
202
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
http://tunedinblog.com/wp-includes/bluez.exe
Verdict:
Malicious activity
Analysis date:
2021-02-10 14:28:51 UTC
Tags:
trojan opendir loader
Link:
https://app.any.run/tasks/0baa4d7b-be23-4ebb-9f15-c1fc9f09ccf3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Guloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/116588/
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaF.34804.gm0@aaa0NKki.17802.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/604838
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0dd2025611ce58620fc312ecffbc7d6d159a0ac8d65eb4f16ee9622468b0437f/
Threat name:
Win32.Trojan.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2021-02-10 11:41:39 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bxjaevqrzzmged6dclwp7pd5nukzucwi2zplj4lo5frci2fqin7q._file
Verdict:
unknown
Similar samples:
6e9b0671765cd5de22ba985a468ecad1549a48c1e85ca896c026697a6a8b165e
GuLoader
6f05a4c741ce687b728cad820f1bf2667037ae77a51760a559765195115d0ab9
GuLoader
84f409f8aee0cf253fba68ae4027348449045f7bfb8723ac8fe0336c21c0b0f6
GuLoader
87fdcca436e0e9e220acb51332720668c04460d48d1791368e734c1539bd1f77
GuLoader
8af9082895b93e1952e76c069fe9047e2d02cde059ce34655df5960761ca5664
GuLoader
9532627f43a3de7b9c4414517f18197a08969adec3c24e1c2f1856e32613d5cd
GuLoader
b1d7fd0aa40c6d462b4d4d15b1a842d6a300ef5cfde58455c3458baceaedcd6e
GuLoader
c1ccf8689de88be32890345e454df2f1fa90e1e4033c0f63425001af42f7aef5
GuLoader
d07136d108ff4e1867ba77d46bd6f9e9f83e64566d83b1b7c2099dd0de7fc4a3
GuLoader
dde6436d3e8a969f96e4ccec6904631d562efad960e0e9a6a2a865174750f3d6
GuLoader
+ 4'829 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210210-z6glvs27tn/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
0dd2025611ce58620fc312ecffbc7d6d159a0ac8d65eb4f16ee9622468b0437f
MD5 hash:
09a7c9632429702bb61c6488dbc44fb6
SHA1 hash:
9d854957bd45501815801c2987acd85fccf706ae
Link:
https://www.unpac.me/results/28557883-6677-4247-a351-848db641cce0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/0dd2025611ce58620fc312ecffbc7d6d159a0ac8d65eb4f16ee9622468b0437f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 0dd2025611ce58620fc312ecffbc7d6d159a0ac8d65eb4f16ee9622468b0437f

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/116588/
  
URLhaus
https://urlhaus.abuse.ch/url/998992/
  
Delivery method
Distributed via web download

Comments