MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 184676b18d687073308c791c9145f0b0c8bc6a75fd4ed7aff7803381701c06f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 184676b18d687073308c791c9145f0b0c8bc6a75fd4ed7aff7803381701c06f0
SHA3-384 hash: 0139cfc243e4f4411df426c83d3547ec7ab511ee7995f07505ff9770856c1963fecbe3901ae61a121d14683e06deefcb
SHA1 hash: d60b74f3275e6d3ab7657aea53e8f606595808cb
MD5 hash: e8d0b4855440c422e297cb1c56aa8e43
humanhash: magazine-fourteen-nuts-hotel
File name:SPECIF~0.EXE
Download: download sample
Signature GuLoader
Create hunting rule
File size:180'224 bytes
First seen:2021-05-04 04:59:39 UTC
Last seen:2021-05-04 05:53:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 880cafba8cacb137a97f861a2c726b62 (1 x GuLoader)
ssdeep 1536:6V2p+voOGIhkbIVb2ayvnF7lJswgtzz2i63kmA7Gw4mDAI16luJ17hH0SPtnw2i6:6bvozICHDvBJkzz25aPzAcHj9w2
Threatray 1'101 similar samples on MalwareBazaar
TLSH A104F7326E04949EE9AD2A70A415C972F3162C1471092E5F7EA1FFB137F26836DF5E02
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
203
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Guloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/149673/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.46241113.23890.28765.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Searching for the window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/709205
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/184676b18d687073308c791c9145f0b0c8bc6a75fd4ed7aff7803381701c06f0/
Threat name:
Win32.Downloader.Minix
Create hunting rule
Status:
Malicious
First seen:
2021-05-03 16:08:32 UTC
File Type:
PE (Exe)
Extracted files:
8
AV detection:
10 of 28 (35.71%)
Threat level:
  3/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dbdhnmmnnbyhgmempeojcrpqwdely2tv7vhnpl7xqazyc4a4a3ya._file
Verdict:
suspicious
Similar samples:
12e42bff4fa377032623342ac1f23a5c87225a40ef8b900cbb06ae4bd203864d
GuLoader
22b13820a6139c7682d5e1108aefde2200dc593e14fe7fca28eb27d5e616bef7
GuLoader
250d4d5045162c39e3c1b9d637e0188089299a04106202afdf1f4826d24e27f4
GuLoader
34a666042ff3ad45f4e1e37776cc55d4f4fdd1bcd8233852839d55fc076410d1
GuLoader
39874f3eb3d660ef8af1c02af08ddfa4d3dc14aedf2c216e3e1f8639813bf2e1
GuLoader
414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65
GuLoader
6147decc439b9d258f5b19f77dfa47ea441e681c49e0b699533eea18104f4092
GuLoader
c3ca97abe1f0584928691bf13d02b25a4e20288a2477e466d67000c0bbe04df3
GuLoader
c63a3f86be406a11e8f7760403e407a97441753205f8cef432fd634856ca2992
GuLoader
f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b
GuLoader
+ 1'091 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210504-4sjxhp4htx/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
184676b18d687073308c791c9145f0b0c8bc6a75fd4ed7aff7803381701c06f0
MD5 hash:
e8d0b4855440c422e297cb1c56aa8e43
SHA1 hash:
d60b74f3275e6d3ab7657aea53e8f606595808cb
Link:
https://www.unpac.me/results/d51159c5-a810-49fe-b9cf-c286fb7d05a5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
DriveBy Activity
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/184676b18d687073308c791c9145f0b0c8bc6a75fd4ed7aff7803381701c06f0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 918090d6fc0149a468d638347c71380eda93f95752a68363f31383210c1cd106

GuLoader

Executable exe 184676b18d687073308c791c9145f0b0c8bc6a75fd4ed7aff7803381701c06f0

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 918090d6fc0149a468d638347c71380eda93f95752a68363f31383210c1cd106
Cape
Cape
https://www.capesandbox.com/analysis/149673/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-04 06:01:06 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0009.029] Anti-Behavioral Analysis::Instruction Testing
1) [C0019] Data Micro-objective::Check String