MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1fc65a967ab063e5d58e0358b81f9eca048b47013f1e2b1383d8f028b114cffd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1fc65a967ab063e5d58e0358b81f9eca048b47013f1e2b1383d8f028b114cffd
SHA3-384 hash: b84904389beafdfa7b283f344ae5041886cde0b0bd992914e2b0782ea5932ac9662347f1c64f084ae9ae1da9782627cd
SHA1 hash: e96e7c1caabb6a9250982fdf9a370e62406fc384
MD5 hash: 66be55da9e2ab05f8452bf8a3de2707c
humanhash: happy-whiskey-spaghetti-berlin
File name:66be55da9e2ab05f8452bf8a3de2707c
Download: download sample
Signature GuLoader
Create hunting rule
File size:118'784 bytes
First seen:2021-07-06 16:53:46 UTC
Last seen:2021-07-06 19:52:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 773df40b486ba5eea01d9fbfa70abb4f (6 x GuLoader)
ssdeep 3072:hbD/Xiw+FdW1vjxgDsSG7UsPDKV6UZikvQi:hgFdKLx2sSG4aDQLZ
Threatray 897 similar samples on MalwareBazaar
TLSH 7AC35BA3B6D95CA1FED14F701471D9263726BC3078939E1F3643BAAA7C32602657062F
Reporter zbetcheckin
Tags:32 exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
279
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
iso certificate.js
Verdict:
Malicious activity
Analysis date:
2021-07-06 16:17:06 UTC
Tags:
trojan loader
Link:
https://app.any.run/tasks/49af31c4-f77a-45f8-bad8-1bcf18b42628

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/170060/
Detection(s):
SecuriteInfo.com.Variant.Graftor.974196.18247.9740.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4371e9ef-4593-4dcf-a114-c966cb5c4406
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/812457
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/1fc65a967ab063e5d58e0358b81f9eca048b47013f1e2b1383d8f028b114cffd/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2021-07-06 07:44:15 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=d7dfvft2wbr6lvmoanmlqh46ziciwrybh4pcwe4d3dycrmiuz76q._file
Verdict:
malicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
053a140695b51c69a923f0929b0cf46371168d1d7b77d96b0f8da88da976a197
GuLoader
0c724e4704276e151507e1379011952245432e05f09bf3945254baf80e04eedb
GuLoader
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
GuLoader
6876aa707adeeffbe08d86d26c6cf48b8d77d46c96f8ace28a523b0a846db38f
GuLoader
8b137dd6a6e551e04c153e201ee66fae098842c02f872897f02ff46d194cc5e3
GuLoader
90e4736e48846a554c0438083177e6b7f1753450d32b80497c5e3d93d1344849
GuLoader
938087389b02ec5d84f851272745beb0dbd672a0515addacbf640c228ed6c710
GuLoader
94f4ae590ee86d414202b7e94ee0902170e6342546a14b4f6156a7f7ea8937f5
GuLoader
99b13841abbf0c2bf736ab08e0e7f48cd28cab2e69eff60399de65e0eced2e68
GuLoader
e88388bec3164944678627db062b753e76b6f7f710a9fabc43dfe69e7df2f366
GuLoader
+ 887 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210706-m7whb89mns/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://onedrive.live.com/download?cid=A5C737E2685BE1EB&resid=A5C737E2685BE1EB%21160&authkey=AHaARqgUe7vtV_E
Unpacked files
SH256 hash:
1fc65a967ab063e5d58e0358b81f9eca048b47013f1e2b1383d8f028b114cffd
MD5 hash:
66be55da9e2ab05f8452bf8a3de2707c
SHA1 hash:
e96e7c1caabb6a9250982fdf9a370e62406fc384
Link:
https://www.unpac.me/results/21961fa6-6419-4149-9c63-98cff0b94f4b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/1fc65a967ab063e5d58e0358b81f9eca048b47013f1e2b1383d8f028b114cffd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 1fc65a967ab063e5d58e0358b81f9eca048b47013f1e2b1383d8f028b114cffd

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1431283/
Cape
Cape
https://www.capesandbox.com/analysis/170060/

Comments


Avatar
zbet commented on 2021-07-06 16:53:47 UTC

url : hxxp://2.56.59.76/serologs.jpg