MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17e0bc9190c267c8116486597a2cfe0a20928ad2ff1c1bf3e7d599f398c0403a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	17e0bc9190c267c8116486597a2cfe0a20928ad2ff1c1bf3e7d599f398c0403a
SHA3-384 hash:	4dd77a22f1d78e978d028ce1dc16a402f7db0e4b039c82a7f77455cf05102a263d7cb28871e28ec8da042ede67162bd7
SHA1 hash:	0361c52597b6c3a4006d24d3ad435e17f0e65c23
MD5 hash:	07cd104f37748ac4f703a7baca9cb238
humanhash:	coffee-arizona-triple-lion
File name:	SecuriteInfo.com.W32.AIDetect.malware2.26129.26143
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	155'648 bytes
First seen:	2021-06-03 10:57:45 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	588b8638d1d2759c296cd4c26b27444b (1 x GuLoader)
ssdeep	1536:esdZx7EX6xOz0zldkjZFD2ZlZtUPx2B/PLR:esdZ5EX68gMj2lV
Threatray	1'837 similar samples on MalwareBazaar
TLSH	AEE32A7233428993EB0A40728CD34A5D1654BF6595170AEBE27EBE0F24727C3E5FA352
Reporter	SecuriteInfoCom
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

245

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.W32.AIDetect.malware2.26129.26143

Verdict:

No threats detected

Analysis date:

2021-06-03 11:04:17 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/04036f9d-d8c4-4342-af4b-5b82d1edd625

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Guloader

Link:

https://www.capesandbox.com/analysis/164374/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/796613

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found malware configuration

Multi AV Scanner detection for submitted file

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/17e0bc9190c267c8116486597a2cfe0a20928ad2ff1c1bf3e7d599f398c0403a/

Threat name:

Win32.Trojan.Mucc

Status:

Malicious

First seen:

2021-06-03 10:58:11 UTC

AV detection:

15 of 29 (51.72%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=c7qlzemqyjt4qeleqzmxulh6biqjfcws74obx47h2wm7hggaia5a._file

Verdict:

malicious

GuLoader

34188e4e50f61757d4a945f3ec626d9c5ee1c71bb1d45ef83535f3490f829497

GuLoader

414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65

GuLoader

4aff31bec64048fdf3913ac6ac61d5670cc351a3054500e6dcf25779b1a2e54b

GuLoader

7dfb08f5a669070d545d5e1e4d72c27b8c80d9c95820e441bbbacf1e9dd4aa31

GuLoader

a151c0f3672154b29c4e19a91b033f89e2ba24a275c8994a6d193d451b8d57ea

GuLoader

a2afda47f4169023bca3c730a48e58d6c40e84236b959a871e883ded3304d5fb

GuLoader

b2462d16cc9531dd5f8d9d0ea09ee96da1a09902f91dbddc9fe6c52f3467c590

GuLoader

b2b90c803853c036f18b858027ae242f675f65d075b6e21b12659e3c48e5815d

GuLoader

f6eb71b21b2f799172115bcceb379307f9c432445fed92cdba2ca911775b3f3f

GuLoader

+ 1'827 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210603-gkylnxq1qs/

Behaviour

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Checks QEMU agent file

Guloader,Cloudeye

Malware Config

C2 Extraction:

https://drive.google.com/uc?export=download&id=1NW1GmZG6LwTuhs0TTE969xcFpP9_dc5q

Unpacked files

SH256 hash:

17e0bc9190c267c8116486597a2cfe0a20928ad2ff1c1bf3e7d599f398c0403a

MD5 hash:

07cd104f37748ac4f703a7baca9cb238

SHA1 hash:

0361c52597b6c3a4006d24d3ad435e17f0e65c23

Link:

https://www.unpac.me/results/fba26451-98f4-4841-b359-1e4a6f660ed0/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/17e0bc9190c267c8116486597a2cfe0a20928ad2ff1c1bf3e7d599f398c0403a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

exe 17e0bc9190c267c8116486597a2cfe0a20928ad2ff1c1bf3e7d599f398c0403a

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1319093/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/164374/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample