MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a17a42de16364bb496f161ef0c841526a31e4e2003b73a6bbaa54dc695ba9ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	1a17a42de16364bb496f161ef0c841526a31e4e2003b73a6bbaa54dc695ba9ea
SHA3-384 hash:	b3d21ebece8a57949996bd24fe0573c3f875190619ac8e3bd893a6034d5b90c071273147ae7869c317165cfbcd0f490b
SHA1 hash:	350720553439af66b7bb0cf8511ec5b594a4c21c
MD5 hash:	6b15a543c6bacb12d5234630fb88c034
humanhash:	tango-angel-princess-uranus
File name:	20230405_076650727_CEN7712280103884_2A9331_001_trn_exp_confirm.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	832'534 bytes
First seen:	2023-04-06 08:15:25 UTC
Last seen:	2023-04-06 08:33:44 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	7ed0d71376e55d58ab36dc7d3ffda898 (133 x GuLoader, 28 x RemcosRAT, 23 x AgentTesla)
ssdeep	12288:la7i1wKmMUVsTyWrWT6VCUvH99/mHuzdpyTrjAc+SdgyjZQHmemZvEbM11AXAja:okHxUV8TVt9Pz6TrCSdgyjZimeW1sAja
Threatray	559 similar samples on MalwareBazaar
TLSH	T124052359B6D6C823D0C97C7388A7ABD63273EE1154285E477B80BB5D34363EAE807249
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	2440447060e00880 (1 x GuLoader)
Reporter	Anonymous
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

259

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

20230405_076650727_CEN7712280103884_2A9331_001_trn_exp_confirm.exe

Verdict:

Malicious activity

Analysis date:

2023-04-06 08:16:00 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/12a65a72-fadf-4a35-87fa-36875265859b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/380581/

Detection(s):

SecuriteInfo.com.Gen.Variant.Nemesis.21469.4215.11785.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Creating a file in the %AppData% subdirectories

Searching for the window

Delayed reading of the file

Sending a custom TCP request

Creating a file in the %temp% subdirectories

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/642e7fc3e4cbfcf36c5fff2c/reports/05d6043a-de04-458f-bdac-0b279f0a5cbd/overview

Verdict:

Malicious

Labled as:

Malware

Link:

https://www.hybrid-analysis.com/sample/1a17a42de16364bb496f161ef0c841526a31e4e2003b73a6bbaa54dc695ba9ea

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/d4673aa1-dc36-4844-9a2a-7870eebe84e9

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1209497

Signature

Multi AV Scanner detection for submitted file

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Writes to foreign memory regions

Yara detected GuLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1a17a42de16364bb496f161ef0c841526a31e4e2003b73a6bbaa54dc695ba9ea/

Threat name:

Win32.Trojan.Guloader

Status:

Malicious

First seen:

2023-04-05 12:03:09 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

9 of 34 (26.47%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dil2ilpbmnslwslpcyppbscbkjvddzhcaa5xhjv3vjkny2k3vhva._file

Verdict:

unknown

GuLoader

3e924b372c019c41e9995a276ce5c1b1487d14ceb9fbc8d606a09a83df5989b8

GuLoader

4db943d3621a557370a3585cd61db3f9835c65f350a2284c9d5f3024adb0ff07

GuLoader

5a70453a6b4f6a5dfd956507dcb364fa07bd6517f87ee23ed6d703f7ec1f6599

GuLoader

629156764548d3bdbc062de11f6ad819bb0d7d166aac339b04674861df522206

GuLoader

723ff97e6559f6558c288ca693898592a21aab28c003883ca13b81667d7e3aef

GuLoader

c627b8bb6c4ea0cf03aa2d209d0ecc53ff9784283328dabd44c1675aef0939c2

GuLoader

d03b9ead3cfc79c7495986f26b97dbe24b0558314a4993f595c80f8817295c48

GuLoader

dc5da53a5e93a588335b6561258d1540ac7d696c633d03de92e72d8e53254234

GuLoader

+ 549 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/230406-j6pjhscb82/

Behaviour

Enumerates physical storage devices

Loads dropped DLL

Unpacked files

SH256 hash:

4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

MD5 hash:

3e6bf00b3ac976122f982ae2aadb1c51

SHA1 hash:

caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

Link:

https://www.unpac.me/results/da508546-87fe-4388-b666-57cfdce48f0c/

SH256 hash:

1a17a42de16364bb496f161ef0c841526a31e4e2003b73a6bbaa54dc695ba9ea

MD5 hash:

6b15a543c6bacb12d5234630fb88c034

SHA1 hash:

350720553439af66b7bb0cf8511ec5b594a4c21c

Link:

https://www.unpac.me/results/da508546-87fe-4388-b666-57cfdce48f0c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1a17a42de16364bb496f161ef0c841526a31e4e2003b73a6bbaa54dc695ba9ea

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/380581/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample