MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1942767aa808c15413e31d945174cdea44f4eeed5da3d5831aff879c90eb7609. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	1942767aa808c15413e31d945174cdea44f4eeed5da3d5831aff879c90eb7609
SHA3-384 hash:	8bb6dd61254568c2f2be3709158fe1ca7f311b9a91a8add6009d1c5664696cf22cefdf5c736db2ec17d56276a78e85ea
SHA1 hash:	467cdefde11cb29b45dc6ae03f5f51e44b6ba04b
MD5 hash:	c2bd7483bc6b3f52f1a2bc9e26f38f35
humanhash:	illinois-lithium-bulldog-wyoming
File name:	nContractNo-0001-BLT-2021-22_Purchase confirmation_JulyShipment_2021.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	98'304 bytes
First seen:	2021-07-14 13:25:40 UTC
Last seen:	2021-07-14 13:56:00 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	eccc13a0539495d61b4a3d603db3b16f (1 x GuLoader)
ssdeep	1536:AhZ6hScOAXYmL8PsIyEsJD+/wjnLaDPQc3F1ws:UwSfAI6t8a+/Dj3/J
Threatray	5'108 similar samples on MalwareBazaar
TLSH	T174A3C9B5F430E51BFB4AE032E095DA70C59B908DA3C7F52A705AC9E5D6A327127086CF
Reporter	James_inthe_box
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

187

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

nContractNo-0001-BLT-2021-22_Purchase confirmation_JulyShipment_2021.exe

Verdict:

No threats detected

Analysis date:

2021-07-14 13:29:25 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/8cb012cf-afea-4b92-b511-4cc436cd96f9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/171666/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.10256.24768.UNOFFICIAL

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/ba939a7c-5df4-49ab-85ac-80235264d2be

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/816231

Signature

Antivirus / Scanner detection for submitted sample

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found malware configuration

Found potential dummy code loops (likely to delay analysis)

Initial sample is a PE file and has a suspicious name

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1942767aa808c15413e31d945174cdea44f4eeed5da3d5831aff879c90eb7609/

Threat name:

Win32.Trojan.Mucc

Status:

Malicious

First seen:

2021-07-14 13:25:34 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

14 of 29 (48.28%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dfbhm6vibdavie7ddwkfc5gn5jcpj3xnlwr5lay276dzzehloyeq._file

Verdict:

unknown

GuLoader

5e3c17b9a8fb04fc0de847833073fba6b1f5b4c302c003cfb888f93e4bd54adf

GuLoader

60fe4a1f0ed577bfa8d10195a3d1123b0a7ab551d3579686ee6ac6bc18282fe5

GuLoader

73b83d70f24909aea7920a86029b43198979d7e31ab768619371e12fc7399f93

GuLoader

8179d2c371934e7f748fdf033d96a3b527158348e87ec21f1576136ede5d2d17

GuLoader

96beaff70c51e04f38db0943eddd24ecc142ef2815d536b82655e25fbf5a54db

GuLoader

b19739ad003d5bbd5f2fcc99f0d19d22cb389ae78ca81f31472cff469e53cf2c

GuLoader

d4dadc7dc5e003905cdd8f287bec1c4d751d8d9913689cb0894feb999917d791

GuLoader

e6cd47abf6c7c73449bd05329a0e30a48012c947d8762dd2429333af8d7bc198

GuLoader

faf4898dc104ee27f1d2adafa647094f57d9b282d6b3e7654c78e3d55eada723

GuLoader

+ 5'098 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210714-y6pv876m5e/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

1942767aa808c15413e31d945174cdea44f4eeed5da3d5831aff879c90eb7609

MD5 hash:

c2bd7483bc6b3f52f1a2bc9e26f38f35

SHA1 hash:

467cdefde11cb29b45dc6ae03f5f51e44b6ba04b

Link:

https://www.unpac.me/results/8e6aff55-04c0-49b7-8ea9-50c913fb63ba/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/1942767aa808c15413e31d945174cdea44f4eeed5da3d5831aff879c90eb7609

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

https://www.capesandbox.com/analysis/171666/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample