MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a4407fd45881091495f927612c7be23ab6de71949e4192cdc58154986d2c827. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1a4407fd45881091495f927612c7be23ab6de71949e4192cdc58154986d2c827
SHA3-384 hash: 1b232c64ef704961a1d986e24bc464c599510b599e17f4125bbe012daeeba5df63cf36fe678488280990089fe9d8b4b7
SHA1 hash: a77c9fc2b255398f53d28f6e67633c62a0143fa5
MD5 hash: 8272ecc1672ecb390cdedb27df85b20d
humanhash: uranus-robert-nuts-india
File name:URGENT MEDICAL REQUIREMENT.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2021-01-13 20:07:38 UTC
Last seen:2021-01-13 21:59:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e4e19abc2b8b3cdf6beb846e51c393a2 (4 x GuLoader)
ssdeep 768:IkQzo6k3c8OPfkCdmhrvbQEGF67WCCfElQZ:pQzcsgCq/QNFUaElS
Threatray 625 similar samples on MalwareBazaar
TLSH 11537D11D968C4CFE58EFBF130B2C6557EE3A091A9900E4B3C483A34BD2E4C26B94767
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.blackcathostal.com
Sending IP: 68.66.194.83
From: BOBB Heavy Equipment Rental L.L.C. <remesh@bobcranes.ae>
Subject: URGENT MEDICAL REQUIREMENT
Attachment: URGENT MEDICAL REQUIREMENT.gz (contains "URGENT MEDICAL REQUIREMENT.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1xwdGwTWLQhPsVUs9VH4Sdefcrf_TA4Fj

Intelligence

File Origin
# of uploads :
2
# of downloads :
240
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
RFQ
Verdict:
No threats detected
Analysis date:
2021-01-13 15:52:43 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a27982ce-dd5a-4ded-a626-289c779a1fec

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111836/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.36101855.8877.16519.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/580586
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potential time zone aware malware
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1a4407fd45881091495f927612c7be23ab6de71949e4192cdc58154986d2c827/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-13 20:08:15 UTC
AV detection:
11 of 29 (37.93%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=djcap7kfraijcsk7sj3bfr56eovw3zyzjhsbslg4lakutbwszatq._file
Verdict:
suspicious
Similar samples:
0cb0059baf3983db9857ea71e6bff0a572c42b2badd00bffe78ff1fdf6a1c007
GuLoader
3d4b5ca6cf89ed481dee43c1b33dfd03c0863631efbbce57f1d678341f827872
GuLoader
5f5a9e4faecab33e7e4d15212fc14a8357bfbb335afa0e15ae2310d15aeb65bc
GuLoader
63de98faa67d46f10df36c933fc5007c5f41e28b9cadcaa53f39dc1611c7a8f1
GuLoader
70399b135fa0365dae66a01b072dd8614be73c7ff2b4cc51caeeef64dfc60ef5
GuLoader
71c480037054788a2dfd0b0b0c711cfb03faf7ee4fc34049b30fa2738cdd2610
GuLoader
79f98a45cdf0776c1ae83a4b027ded395fe8dfc4b520f51706fc7207b1e4c630
GuLoader
ba2e3e87fa2689d695769cd7ee633dc8b86e2079b776ca455573f75d5e7df4dc
GuLoader
c2dd8076e0be5f411f0677f1e03f7fc9cdae5df7072200d894e7247b4a5f5a2c
GuLoader
fbfebf420c076687262aa7a863151825402349231fe15f6ea52e680f19b11cfb
GuLoader
+ 615 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210113-jnje8hg3cs/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
1a4407fd45881091495f927612c7be23ab6de71949e4192cdc58154986d2c827
MD5 hash:
8272ecc1672ecb390cdedb27df85b20d
SHA1 hash:
a77c9fc2b255398f53d28f6e67633c62a0143fa5
Link:
https://www.unpac.me/results/984d160e-b736-4ad0-8118-dd0fa45f622c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1a4407fd45881091495f927612c7be23ab6de71949e4192cdc58154986d2c827

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 4850d1d4cd34c9860ecb02ad72ac74ec0fc450b3ac6e03254ec6f6768ecb3b3d

GuLoader

Executable exe 1a4407fd45881091495f927612c7be23ab6de71949e4192cdc58154986d2c827

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/958863/
  
Dropped by
MD5 b312c249e9b868cb4345bcdb16fe2847
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 4850d1d4cd34c9860ecb02ad72ac74ec0fc450b3ac6e03254ec6f6768ecb3b3d
Cape
Cape
https://www.capesandbox.com/analysis/111836/

Comments