MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23c3dc3110b350803b60cd2b4f6c60f97cab50b5eb86e0ac69ffbd6726273a21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 23c3dc3110b350803b60cd2b4f6c60f97cab50b5eb86e0ac69ffbd6726273a21
SHA3-384 hash: cbdc9b8387e94ed62a00d74d0190f773ae0799733f33ab61ce2f1491981fae47bb70df723987240efa5b0ace626a13f9
SHA1 hash: 97642e08dda507dbbaf12902ffa36fa9c9a74ced
MD5 hash: 9f34a7040e8a31acdb33ee476da2bac0
humanhash: low-april-beer-green
File name:9f34a7040e8a31acdb33ee476da2bac0.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2021-02-11 08:12:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 16f77598a81965428d9ddc3711e9dab5 (8 x GuLoader)
ssdeep 1536:hpXUG6GXRbQAaFMWXBTaPfq2iQOGJnNdMsqOC:/XsGXlIGWXcPZinyCl
Threatray 4'720 similar samples on MalwareBazaar
TLSH B9B3C453B7B3EAA7DE05C1B14E1597AD8186FE30CAD48903A3F12F1E6A756D44E20393
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://dsak-71.gq/PROMISE%20FB%20RAWFILE_lyMmAsfyiL82.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Corporation Bank.doc
Verdict:
Malicious activity
Analysis date:
2021-02-11 06:36:32 UTC
Tags:
trojan opendir exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/e91c335d-a2fb-41c0-8193-3a87052191b9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Guloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/116702/
Detection(s):
SecuriteInfo.com.Variant.Midie.79182.17927.31201.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/605473
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/23c3dc3110b350803b60cd2b4f6c60f97cab50b5eb86e0ac69ffbd6726273a21/
Threat name:
Win32.Trojan.Midie
Create hunting rule
Status:
Malicious
First seen:
2021-02-11 07:25:11 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=epb5ymiqwniiao3azuvu63da7f6kwufv5odobldj766wojrhhiqq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0dd2025611ce58620fc312ecffbc7d6d159a0ac8d65eb4f16ee9622468b0437f
GuLoader
1011abd055c8404b9775bb16390cdec8cc9b6e59e0f1fcea70162b2cf4e3fae8
GuLoader
277ad2e30607538075324d56c194f6256f2a37245f952038d709f237545bf0f1
GuLoader
6e9b0671765cd5de22ba985a468ecad1549a48c1e85ca896c026697a6a8b165e
GuLoader
8af9082895b93e1952e76c069fe9047e2d02cde059ce34655df5960761ca5664
GuLoader
b1d7fd0aa40c6d462b4d4d15b1a842d6a300ef5cfde58455c3458baceaedcd6e
GuLoader
bb19d9c9c18233bf65768ed3534766ae87ada589f6223d015c47d5e4c2523d64
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
ea816a801d2882a3da04ae2b9ac3e20e0959a95d18dfb17c55bb786b3ba2c743
GuLoader
f30df93fd68e04fd16790bcf07429d484dc36398833a4258facd6b77ea6a3440
GuLoader
+ 4'710 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210211-k443k136a6/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
23c3dc3110b350803b60cd2b4f6c60f97cab50b5eb86e0ac69ffbd6726273a21
MD5 hash:
9f34a7040e8a31acdb33ee476da2bac0
SHA1 hash:
97642e08dda507dbbaf12902ffa36fa9c9a74ced
Link:
https://www.unpac.me/results/0d45ec33-cb1f-4a71-a265-f78b788491e0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/23c3dc3110b350803b60cd2b4f6c60f97cab50b5eb86e0ac69ffbd6726273a21

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 23c3dc3110b350803b60cd2b4f6c60f97cab50b5eb86e0ac69ffbd6726273a21

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1000524/
  
URLhaus
https://urlhaus.abuse.ch/url/1000465/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/116702/

Comments