MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 231d6a2cadc26a70f5663ef666e8a0700946d10e9f845b1c11273b3ab3638611. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	231d6a2cadc26a70f5663ef666e8a0700946d10e9f845b1c11273b3ab3638611
SHA3-384 hash:	9fe30be4d12655af5cde98efa27810a03dc5d9fb1d3f69eb27a135fcc0a613768df7f06ec410a772ee44ebd8b88dd933
SHA1 hash:	c706de5a9678454f2475f44f105d0b24f098959a
MD5 hash:	690e90649f10823c38af473639e7759e
humanhash:	august-angel-social-kentucky
File name:	New Order 789230032.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	118'784 bytes
First seen:	2021-10-05 23:25:55 UTC
Last seen:	2021-10-06 00:01:32 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	461dc836626597933929a467ef09b568 (4 x GuLoader)
ssdeep	1536:4H6WfDWPCIk2I+kHd0yGStvJVDh6Qfa9L7gSG2peE4n3GpaBDs3:4H6WaCAm0yGSDVDhfi1vjW3GpaBDK
TLSH	T161C34A50B2E09848F2A50A71C97AD5B40BE7FC5D9D13C70B2DC5394E3B7AB089B167E2
File icon (PE):
dhash icon	1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter	GovCERT_CH
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

238

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

New Order 789230032.exe

Verdict:

No threats detected

Analysis date:

2021-10-05 23:27:31 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/c5c588de-73c0-4376-ad68-ab7f5a8515ce

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/195212/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.7978.10150.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/615cdf0eb95458900cdcbc20/reports/d5510f34-6c28-4202-975b-e1769c2ba47f/overview

Malware family:

GuLoader

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/2b8f33ca-b3f1-4b64-95b5-2edf116a70ba

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

rans.troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/865149

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

Found potential dummy code loops (likely to delay analysis)

Initial sample is a PE file and has a suspicious name

Multi AV Scanner detection for submitted file

Potential malicious icon found

Yara detected GuLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/231d6a2cadc26a70f5663ef666e8a0700946d10e9f845b1c11273b3ab3638611/

Threat name:

Win32.Trojan.Mucc

Status:

Malicious

First seen:

2021-10-05 23:26:04 UTC

AV detection:

14 of 45 (31.11%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=emowulfnyjvhb5lgh33gn2faoaeunuiot6cfwhare45tvm3dqyiq._file

Verdict:

malicious

Label(s):

cloudeye

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/211005-3eve8sadd3/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

231d6a2cadc26a70f5663ef666e8a0700946d10e9f845b1c11273b3ab3638611

MD5 hash:

690e90649f10823c38af473639e7759e

SHA1 hash:

c706de5a9678454f2475f44f105d0b24f098959a

Link:

https://www.unpac.me/results/cd738660-97ea-4a56-a909-cc81253765a8/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/231d6a2cadc26a70f5663ef666e8a0700946d10e9f845b1c11273b3ab3638611

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

exe 231d6a2cadc26a70f5663ef666e8a0700946d10e9f845b1c11273b3ab3638611

(this sample)

Dropped by

guloader

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/195212/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample