MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 243ae30d42e90000b882779fae40e0056eab332b95e2c938446138a80868909e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 243ae30d42e90000b882779fae40e0056eab332b95e2c938446138a80868909e
SHA3-384 hash: f4d4ae08b0405e2450a8d8c33ebc807f00f5be793db7110f6b8fa57c4c31fdf5e3d5a645d784dde1698e5ebe1d574502
SHA1 hash: 7b391b4429dfbf19030fb49ce750aa3c8b844a6b
MD5 hash: 82c5cdde9df0a76e2933c1cd8bfc7887
humanhash: hawaii-tango-hawaii-tennessee
File name:82c5cdde9df0a76e2933c1cd8bfc7887
Download: download sample
Signature GuLoader
Create hunting rule
File size:95'632 bytes
First seen:2022-01-27 10:21:36 UTC
Last seen:2022-01-27 11:51:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 56a78d55f3f7af51443e58e0ce2fb5f6 (720 x GuLoader, 451 x Formbook, 295 x Loki)
ssdeep 1536:2/T2X/jN2vxZz0DTHUpouZZbUc6JgjJPQPovf/5AmNHLBH8k29xE+1Gl1c:2bG7N2kDTHUpouZZbUc6JgjJ4PKfRAI6
TLSH T19A93E005A730C9A7E8B24B3119753B7B5FFAD42267A4CE4B03202F4CBE62781D92DB55
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter zbetcheckin
Tags:32 exe GuLoader signed

Code Signing Certificate

Organisation:VRDIOMRAADERNE
Issuer:VRDIOMRAADERNE
Algorithm:sha256WithRSAEncryption
Valid from:2022-01-23T15:50:12Z
Valid to:2023-01-23T15:50:12Z
Serial number: 00
Intelligence: 325 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist:This certificate is on the Cert Central blocklist
Thumbprint Algorithm:SHA256
Thumbprint: b0da08480b8fcbd3467a408abc7f8fc17e3386e77474c654bdf4633441981f3a
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
315
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4f51af14d712b6214c64090a79cb228b
Verdict:
Malicious activity
Analysis date:
2022-01-27 09:57:45 UTC
Tags:
opendir exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/7cc0936f-fd14-4263-a121-bb98883a636c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/224222/
Detection(s):
SecuriteInfo.com.Trojan.Siggen16.37961.18105.21018.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Creating a file
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/5323/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control.exe guloader nemesis overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/61f2725559d130b02a578664/reports/658cf5b2-f237-48fd-8a99-aa5410cbbe02/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ad15abaa-c409-4822-a56d-6cd804e8fd77
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/928872
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/243ae30d42e90000b882779fae40e0056eab332b95e2c938446138a80868909e/
Threat name:
Win32.Downloader.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2022-01-24 12:38:15 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
16 of 28 (57.14%)
Threat level:
  3/5
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220127-md891abca7/
Behaviour
Enumerates physical storage devices
Loads dropped DLL
Unpacked files
SH256 hash:
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
MD5 hash:
cff85c549d536f651d4fb8387f1976f2
SHA1 hash:
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
Link:
https://www.unpac.me/results/17d53b2c-34a3-46b3-b19a-521158da17da/
SH256 hash:
243ae30d42e90000b882779fae40e0056eab332b95e2c938446138a80868909e
MD5 hash:
82c5cdde9df0a76e2933c1cd8bfc7887
SHA1 hash:
7b391b4429dfbf19030fb49ce750aa3c8b844a6b
Link:
https://www.unpac.me/results/17d53b2c-34a3-46b3-b19a-521158da17da/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.18
Link:
https://yomi.yoroi.company/submissions/243ae30d42e90000b882779fae40e0056eab332b95e2c938446138a80868909e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 243ae30d42e90000b882779fae40e0056eab332b95e2c938446138a80868909e

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2009070/
Cape
Cape
https://www.capesandbox.com/analysis/224222/

Comments


Avatar
zbet commented on 2022-01-27 10:21:38 UTC

url : hxxp://172.245.119.43/344/vbc.exe