MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24c6fcb3f26697d826a4c1899bdb9a7368ae336046c1028a6e53a9f17a5186af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24c6fcb3f26697d826a4c1899bdb9a7368ae336046c1028a6e53a9f17a5186af
SHA3-384 hash: b4dfeca7b538f1d1828d3257cb1bd0b9a24b2dcbc7870c53beb5e3de7d099807140c35aef71b6b6626fad63cf72e267f
SHA1 hash: a295b37a189b51685871674e60fee4d5a92ef833
MD5 hash: f46cdabaeaee99beb6f1469c7a637c46
humanhash: lamp-india-nevada-island
File name:Consulta Urgente GRUPO AYUSO Proyecto Madrid N� 1221 C OLID N� 12 LOCAL IZQ.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:282'624 bytes
First seen:2021-07-23 13:29:46 UTC
Last seen:2021-07-23 15:05:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4d855772c2abd948c289c2a8f8005cb9 (3 x GuLoader)
ssdeep 3072:eo3BepJlZa/xxtuSqNfe8iZ1RYFMCzi7dabpNAs+ZVdKuQWfVKHJlZapGBR:7iU0S2fe8iZrOCdabpqxDP4HP
Threatray 412 similar samples on MalwareBazaar
TLSH T1E954C41C6312E006FA51C4FB3101F22B64191D37916DCE46BA8C6E3BE4661F3A6FBAD5
dhash icon 72e8d4ccf4d4e8b0 (5 x GuLoader)
Reporter lowmal3
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
211
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Consulta Urgente GRUPO AYUSO Proyecto Madrid N� 1221 C OLID N� 12 LOCAL IZQ.exe
Verdict:
No threats detected
Analysis date:
2021-07-23 13:31:29 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7cb3ce19-08e1-4a14-9de1-aa648d0571ab

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/173651/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.11017.29082.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/491759d0-e0a0-4299-9c68-c9132f445593
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/820799
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potentially malicious time measurement code found
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/24c6fcb3f26697d826a4c1899bdb9a7368ae336046c1028a6e53a9f17a5186af/
Threat name:
Win32.Trojan.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2021-07-23 13:30:09 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=etdpzm7sm2l5qjveygezxw42onuk4m3ai3aqfctokou7c6srq2xq._file
Verdict:
suspicious
Similar samples:
45b6514aad30eb4fafa445c6ce8f1fa69e6b4f568f5e05a74e999c295487b850
GuLoader
7eaa2c0c3cd26e9495e9de67413f860820a713141429e921861d239d80475df3
GuLoader
84c1024292142c4d234701e830aedcbd865311693f0d8ac75596deee268c7db5
GuLoader
8939f7bfa3b5c5afeeab65dc9958edda8dd67f0c1e54f75e9205f0eaf3f8adcd
GuLoader
926509aff0ec48ac354fe49b372f8e2b8d05fe97ba5a1828b422ca75b95cb0ea
GuLoader
b38e4017409179a0ce847e5951e61479128caaaa7a721bf1acbece8dfc7ccc54
GuLoader
b8d430b1bdab27f5308b0f3817a50718dc72c01f0a126c44c15e0959efd3f588
GuLoader
bc630e07cf99324ac65fb506e9d54bbd6d405887070604e00d98c52ba60d64c1
GuLoader
c2c1253d4a7c1f69561044a12333f93b9a5219b9ee4555491085d978814ae0de
GuLoader
d6126052ac0b62aadfefafcad46980f864cd94c47c6096cc32f17d99f04a5fbf
GuLoader
+ 402 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210723-mz9j4kwjss/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
24c6fcb3f26697d826a4c1899bdb9a7368ae336046c1028a6e53a9f17a5186af
MD5 hash:
f46cdabaeaee99beb6f1469c7a637c46
SHA1 hash:
a295b37a189b51685871674e60fee4d5a92ef833
Link:
https://www.unpac.me/results/09c44c84-e58c-4bd5-9f40-e4f4a50e0937/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/24c6fcb3f26697d826a4c1899bdb9a7368ae336046c1028a6e53a9f17a5186af

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 24c6fcb3f26697d826a4c1899bdb9a7368ae336046c1028a6e53a9f17a5186af

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/173651/

Comments