MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 145140cd633a7bf56dc72d7122eab466b85712460a3c33eced6256e18c0407c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 145140cd633a7bf56dc72d7122eab466b85712460a3c33eced6256e18c0407c6
SHA3-384 hash: 2538f86ed2cf9027257115becd4767d8427fd4ca978a898a4799445dcc55e047a73a280300f4fefda4705a5ef4a9adae
SHA1 hash: 4b56e597c61e83cb39e9e205f2ffc9a563cbf7f3
MD5 hash: 235614a191c0fe4dd483f5909248c306
humanhash: carbon-vermont-gee-kilo
File name:Urgent Order Confirmation #03082021MZGBD.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2021-08-04 05:51:00 UTC
Last seen:2021-08-04 07:21:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b28b105866cd7f6746798ef93a2371be (3 x GuLoader)
ssdeep 1536:kRIGq74rWrI99mWxGUr1sNbPxpOMddVgkDxY7mc:kRI17QmWx6NbZ4MfVBC
Threatray 5'493 similar samples on MalwareBazaar
TLSH T1F8B36D11A2B0ED45D28FC7B8D95DA5EA1204FE34F0009933AA1D7FADF5392D3D1A4A4B
dhash icon 7472ede4d0c0f8e8 (3 x GuLoader)
Reporter cocaman
Tags:bat exe GuLoader


Avatar
cocaman
Malicious email (T1566.001)
From: ""sales1" <sales1@profdraft.com>" (likely spoofed)
Received: "from profdraft.com (unknown [185.222.57.85]) "
Date: "04 Aug 2021 05:15:16 +0200"
Subject: "URGENT PO 03082021MZGBD Line#15 required urgent"
Attachment: "Urgent Order Confirmation #03082021MZGBD.bat"

Intelligence

File Origin
# of uploads :
2
# of downloads :
248
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Urgent_Order_Confirmation__03082021MZGBD.bat
Verdict:
Suspicious activity
Analysis date:
2021-08-04 02:31:40 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cb3795e1-ce24-4a88-95ec-f4faa18f0617

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/176222/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37342928.15286.24642.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c271023f-36b3-46ca-9a16-30e9fa6f00d3
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/826637
Signature
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
GuLoader behavior detected
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/145140cd633a7bf56dc72d7122eab466b85712460a3c33eced6256e18c0407c6/
Threat name:
Win32.Trojan.Mucc
Create hunting rule
Status:
Malicious
First seen:
2021-08-03 13:56:55 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
16 of 46 (34.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=criubtldhj57k3ohfvysf2vum24foesgbi6dh3hnmjloddaea7da._file
Verdict:
unknown
Similar samples:
250d4d5045162c39e3c1b9d637e0188089299a04106202afdf1f4826d24e27f4
GuLoader
3012b7a51af86d42beaaf6488f7166002226cbaee3ccb92e1c2a2d4b107c3930
GuLoader
37fba5e93049ee78ac1fdf1fafe945636680193ddcb1dc9533f2c9ac80d3744c
GuLoader
552db26bdd2347a216bb88e706ebf2bc9a145c8a5d38d082c53dcdd2f344c162
GuLoader
6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df
GuLoader
73b83d70f24909aea7920a86029b43198979d7e31ab768619371e12fc7399f93
GuLoader
a9c312936a88ac3629aa8fb5c4d6b5fe5fcad17319b825bf4b383fd807cb3f51
GuLoader
+ 5'483 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210804-5ycgx3dxwx/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
145140cd633a7bf56dc72d7122eab466b85712460a3c33eced6256e18c0407c6
MD5 hash:
235614a191c0fe4dd483f5909248c306
SHA1 hash:
4b56e597c61e83cb39e9e205f2ffc9a563cbf7f3
Link:
https://www.unpac.me/results/0370c5e7-09d8-43a1-9007-4c72a742e90c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/145140cd633a7bf56dc72d7122eab466b85712460a3c33eced6256e18c0407c6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 145140cd633a7bf56dc72d7122eab466b85712460a3c33eced6256e18c0407c6

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/176222/

Comments