MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11e791b95a172c13756310e44f038e4f688742ff461f84a0e49315b23b7e5f58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 11e791b95a172c13756310e44f038e4f688742ff461f84a0e49315b23b7e5f58
SHA3-384 hash: 8b2454be73b66645c1c51f9cba57f0c2b4a498be8bb756a35426549f7c99f262419fd177d4baa7f0c897690f2d4deee5
SHA1 hash: 958f928f68e0f5c8ec2ad7a5f2ddde24b8a950bd
MD5 hash: 356f11c2458076cc2c8cf65f0f849685
humanhash: paris-kansas-dakota-montana
File name:SecuriteInfo.com.Variant.Bulz.316571.6078.19639
Download: download sample
Signature GuLoader
Create hunting rule
File size:69'632 bytes
First seen:2021-02-12 22:54:57 UTC
Last seen:2021-02-12 23:54:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 53fe5e7e6489bb65d804ce47c8ae28cf (1 x GuLoader)
ssdeep 768:JKyD9dd7LRz30o8LcbDNvFdAYqO8wjAXQPvQ3NK7ecvszD:jD9dBh30oYwjo2mEYzD
Threatray 4'800 similar samples on MalwareBazaar
TLSH 6E63392AF6F07449D786F171CCD6D9DD509A7C3F4D829D0370853A17AAB29D283EA30A
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
364
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Variant.Bulz.316571.6078.19639
Verdict:
No threats detected
Analysis date:
2021-02-12 22:57:48 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/696a17ca-c338-44e3-a8c8-3520b6567e1d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Guloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/117017/
Detection(s):
SecuriteInfo.com.Variant.Bulz.316571.6078.19639.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/607317
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Contains functionality to hide a thread from the debugger
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/11e791b95a172c13756310e44f038e4f688742ff461f84a0e49315b23b7e5f58/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2021-02-12 21:18:21 UTC
AV detection:
12 of 29 (41.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=chtzdok2c4wbg5ldcdse6a4oj5uioqx7iypyjihesmk3eo36l5ma._file
Verdict:
unknown
Similar samples:
0074b4e19d6ad55ab6573d7522ead0f75a84b866611cc8133d08b5800e3bb32a
GuLoader
17314d9e48839344dafc7dbdb9af89ad08603a106fb09eda8f74af42dd8a8252
GuLoader
182b2d026edb387534dda66711ee6f9050bc8ed871d0ebb71a96f0b18498ba24
GuLoader
21afff77ea0ce89dca2d925ed0d8b5a61f7ab42ca9aca78019843e9e251bbcb3
GuLoader
5278046daacc4237354be9a2b1094f6a9467e317b17c959c772ed5a86e25d737
GuLoader
6d0ea7f49d0cfc2e0ee87a860e99381955f73e0b70a294281c213bb9d3e91822
GuLoader
7c38d073b77ff7afc8f65aac812316d0fa9356115f1f3e78aca9fd496d177cad
GuLoader
81f7c328aef1d0b652a4e7b4157b34f2b462ace5c2f2483350b1a5e156ce8adb
GuLoader
b8709a0d94df64f37f997373ca3686aa4071ce1da9a407bcfee2fdb0ce9d096c
GuLoader
ed081d99724673a343863138b3eac0fbe402c8ba256cc466c535d3e7133187d1
GuLoader
+ 4'790 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210212-zt4rwzhah2/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
11e791b95a172c13756310e44f038e4f688742ff461f84a0e49315b23b7e5f58
MD5 hash:
356f11c2458076cc2c8cf65f0f849685
SHA1 hash:
958f928f68e0f5c8ec2ad7a5f2ddde24b8a950bd
Link:
https://www.unpac.me/results/cf73a5b3-3906-4f01-930e-0e8fd90838b9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/11e791b95a172c13756310e44f038e4f688742ff461f84a0e49315b23b7e5f58

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 11e791b95a172c13756310e44f038e4f688742ff461f84a0e49315b23b7e5f58

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/117017/
  
URLhaus
https://urlhaus.abuse.ch/url/1002962/
  
Delivery method
Distributed via web download

Comments