MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 239629ce61bd284521557512f4781f72e7b8bdd56a8691845dc180ffc77b5252. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 239629ce61bd284521557512f4781f72e7b8bdd56a8691845dc180ffc77b5252
SHA3-384 hash: cf5cc7f7d1bea9e1b69050bff934fdc340642b994d8af652856b57748de1a978cd057a25b82275f76c40088661d11ddc
SHA1 hash: 9b7cc499c8a1ddd8ac341c080a5dc5dec1a043d9
MD5 hash: c2ed4186ca593ae3a4d1132be9e6010f
humanhash: twenty-west-solar-hotel
File name:purchase order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:237'568 bytes
First seen:2021-05-21 15:52:16 UTC
Last seen:2021-05-21 16:13:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6362bc17930cc127ae2b7ff37e9122d2 (9 x GuLoader)
ssdeep 3072:y+I1eY7cyEbbpVTGYsUOKDj4UlAYa8BNX:yUbdgtUBjCS
Threatray 1'739 similar samples on MalwareBazaar
TLSH D7348386B962A579F8C69174F526C20F0CA53CB372854E07BF832F63B0340576EF9966
Reporter abuse_ch
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
183
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
purchase order.exe
Verdict:
No threats detected
Analysis date:
2021-05-21 20:10:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8098fa00-f1b0-4b86-9806-b759eedeeaa0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Malware.Generic-9863802-0
Create hunting rule

Win.Malware.Vibem-9863835-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/787642
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Executable has a suspicious name (potential lure to open the executable)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Potentially malicious time measurement code found
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/239629ce61bd284521557512f4781f72e7b8bdd56a8691845dc180ffc77b5252/
Threat name:
Win32.Trojan.Vibem
Create hunting rule
Status:
Malicious
First seen:
2021-05-21 15:53:10 UTC
AV detection:
13 of 47 (27.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eolctttbxuuekikvoujpi6a7olt3rpovnkdjdbc5ygap7r33kjja._file
Verdict:
malicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
01006d50a9052ffee3ea3dc6429aeb86e4d361d1ffe69a455bb00a1e03962166
GuLoader
33ee2504a81c487ee235c0b171ffa1151f6bd4efa3ee0eff07cdff633dde2e60
GuLoader
814b21bdcdb81fb5f930e16b5f00eae2ade2ee2057d3c5758a8c80c25650a367
GuLoader
8653a11ee811265418a3b6f12945c585b77aea72f02b2d80f481c1100d895299
GuLoader
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
GuLoader
b89879aceeecfb9524dd5e08dde9afb89d7d39d5a4fc1c1cd4736693bf4cc39d
GuLoader
c3ca97abe1f0584928691bf13d02b25a4e20288a2477e466d67000c0bbe04df3
GuLoader
deb7f6e76d0d27a58d7eb53380b8f399d81caa842fe188830327b9aad82afdb0
GuLoader
e0be11fc058bc6f3e46b53c7ccae27e6a928875da1e7be4bdac03779401072f1
GuLoader
f8c32c700279f87b3956631cc6567e746afed535006a45f0839d4d346db8ad00
GuLoader
+ 1'729 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210521-gwnxfm1h4s/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://drive.google.com/uc?export=download&id=1tRm5EUZFyidzEFrRWwSAy7POFqAtEbrZ
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/239629ce61bd284521557512f4781f72e7b8bdd56a8691845dc180ffc77b5252

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 239629ce61bd284521557512f4781f72e7b8bdd56a8691845dc180ffc77b5252

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments