MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1298d5b931dadd03d47b41c51556fb5707a6af6df9b4b483686fdbf155d083fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	1298d5b931dadd03d47b41c51556fb5707a6af6df9b4b483686fdbf155d083fd
SHA3-384 hash:	af20205975748624dc31a27936fcfa0b8552485b36869ef13ddc5e447b4cc98b36ea289c7d5ffef9ad517226f42a9275
SHA1 hash:	4ba76ce13cfc6ffe15c88c4176fd51851c997730
MD5 hash:	2702d6eb97b0ac11e4b92d98655343f1
humanhash:	stairway-shade-bluebird-summer
File name:	Rimping Document pdf.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	581'380 bytes
First seen:	2022-03-30 12:01:32 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	56a78d55f3f7af51443e58e0ce2fb5f6 (720 x GuLoader, 451 x Formbook, 295 x Loki)
ssdeep	12288:x3SoWx1WkWagkEogb2pq8lc0phCbk4bdEasui2JX5VL2KcCZQeN:x3SoQBHEog6pq8L+k4bdEasui2R5UGJN
Threatray	932 similar samples on MalwareBazaar
TLSH	T1DDC41249B254D227F4829BB10D3AD64F5BA85C294A30EB5337F473497C72252BF2F606
File icon (PE):
dhash icon	429cbcae94bec686 (1 x GuLoader, 1 x Formbook)
Reporter	ankit_anubhav
Tags:	BoredFluff exe GuLoader

Intelligence

File Origin

# of uploads :

1

# of downloads :

221

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/259663/

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware2.5166.20107.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Creating a window

Creating a file in the %temp% subdirectories

Creating a file

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/12096/overview

Behaviour

MalwareBazaar

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

control.exe overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/624446bd9253b276b7a7392f/reports/a8a9be62-2757-4ca8-af68-1a417c534e54/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

GuLoader

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/cde5aceb-9401-4bc7-9f23-5a1c18972ebb

Result

Threat name:

Nanocore GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/967548

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1298d5b931dadd03d47b41c51556fb5707a6af6df9b4b483686fdbf155d083fd/

Threat name:

Win32.Downloader.GuLoader

Status:

Malicious

First seen:

2022-03-30 12:02:07 UTC

File Type:

PE (Exe)

Extracted files:

13

AV detection:

8 of 26 (30.77%)

Threat level:

3/5

Verdict:

suspicious

Similar samples:

076eee978cec1be476b4e103c42ca6081b8f6f73ddccdee87998df2f3b665f31

1432f0240c91b7439722df807e35ef9b4cc9b126f3e5d42cedb27b28751118d7

3944b429bf931ab06a980d4d15dfd69b5ea442c68938e0aee354e6c25311f94f

4b1e07f367e2c29e90cad5cd928dc1572dbcedfb04cd722fba01c67a7d349361

75f352e00f106877b2e7197ab6b6be0234aba379dec517009a7e26bfef612921

b076cbf14c6f0a9bbb4aaaf8242622cefb6bccdf2aef9e130b48a0552bb5016f

c5cbf9085eac3f9c2b9cbbf939c90f00d041f0f598b7762af7b371fe3cb61def

fe5d8bb940112ba98d51c57496fa25e242d3f6e4b28b183bfe2ef3ec2c393e9e

+ 922 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/220330-n7e4pabhf8/

Behaviour

Enumerates physical storage devices

Loads dropped DLL

Unpacked files

SH256 hash:

e0502e7fb54ddac6941add42b08b5f925d5641fdccdcc7fa04296ef1e0b74a13

MD5 hash:

59ce5f49b0defb65d0a9a4e740f9a55b

SHA1 hash:

d0aedee54226d53c5be895e781b8cc5f24455081

Link:

https://www.unpac.me/results/28fecaa1-07bf-4285-a453-bac1a5b29638/

SH256 hash:

1298d5b931dadd03d47b41c51556fb5707a6af6df9b4b483686fdbf155d083fd

MD5 hash:

2702d6eb97b0ac11e4b92d98655343f1

SHA1 hash:

4ba76ce13cfc6ffe15c88c4176fd51851c997730

Link:

https://www.unpac.me/results/28fecaa1-07bf-4285-a453-bac1a5b29638/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1298d5b931dadd03d47b41c51556fb5707a6af6df9b4b483686fdbf155d083fd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/259663/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample