MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25b1b9c09860911a5e932106bda457849099223f19ee11fca9076c47bb837a67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25b1b9c09860911a5e932106bda457849099223f19ee11fca9076c47bb837a67
SHA3-384 hash: 752cae84de54ebb7a835f24168c4a01a219f9ab471bfee0c780ea16760707ba546c22bdff0f061bde0bdddd12a756609
SHA1 hash: ded2b5d8e2b48b48d737a699ab371cc64ebef2d9
MD5 hash: c2c790809328c92c0eec843aceb3be64
humanhash: north-cardinal-autumn-nuts
File name:DED2B5D8E2B48B48D737A699AB371CC64EBEF2D9.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:212'992 bytes
First seen:2021-08-23 09:07:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 92f464fb5bf1afd7a6e32afbc57f027c (1 x GuLoader)
ssdeep 3072:7J9YTDiugdcmn11ziplBh1Owtl+JTo44/QI9:73ODiDdcSPipDNgu
Threatray 289 similar samples on MalwareBazaar
TLSH T1C7248E81B641DF46FC45CDF018B36BA85B28E421ED42BB2BAC58DEB998745C02DC15FB
dhash icon d4d23c383878b638 (1 x GuLoader)
Reporter Jazzo74911657
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
190
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
proformInvoices-August-shipment-exportdocumentation-August-scanned-2021.xxe
Verdict:
No threats detected
Analysis date:
2021-08-23 08:01:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/248959c9-205e-4430-b52a-7fc115341634

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/181440/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.46807288.16997.3943.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/17a8f841-04a8-4338-b0f2-9b5583646fb8
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/837408
Signature
GuLoader behavior detected
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 469838 Sample: aIqR0OOdzL.exe Startdate: 23/08/2021 Architecture: WINDOWS Score: 92 35 Multi AV Scanner detection for submitted file 2->35 37 GuLoader behavior detected 2->37 39 Machine Learning detection for sample 2->39 41 2 other signatures 2->41 7 aIqR0OOdzL.exe 1 2->7         started        10 VERDE.exe 1 2->10         started        12 VERDE.exe 1 2->12         started        process3 signatures4 43 Tries to detect virtualization through RDTSC time measurements 7->43 14 RegAsm.exe 1 9 7->14         started        45 Multi AV Scanner detection for dropped file 10->45 47 Machine Learning detection for dropped file 10->47 19 RegAsm.exe 8 10->19         started        process5 dnsIp6 27 202.55.134.74, 80 ADTEC-AS-VNADTECMediaJointStockCompanyVN Viet Nam 14->27 25 C:\Users\user\Bymidten\VERDE.exe, PE32 14->25 dropped 29 Tries to detect Any.run 14->29 31 Tries to detect virtualization through RDTSC time measurements 14->31 33 Hides threads from debuggers 14->33 21 conhost.exe 14->21         started        23 conhost.exe 19->23         started        file7 signatures8 process9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/25b1b9c09860911a5e932106bda457849099223f19ee11fca9076c47bb837a67/
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2021-08-23 09:08:09 UTC
AV detection:
12 of 46 (26.09%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ewy3tqeymciruxuteedl3jcxqsijsir7dhxbd7fja5wepo4dpjtq._file
Verdict:
suspicious
Similar samples:
2a6e8ba289a5de8c33b711ffe2d26a357d07d2c7147c127385810c64fa57d7ed
GuLoader
3473eba30a8c906099c975e56452188a6fb6449a8923687447fa8d1e1845e323
GuLoader
440c2d0c62161b08e0967177bfb26f1a23df2bfdba7959c0b3bc53288eb27d82
GuLoader
474fdc334d61a837436e2979eebb789db0263ef26cf4bc00b5936823246a0b78
GuLoader
63a6658d48cb77efa5b567692abceb0e64823652096604073725b6e1cdfe285a
GuLoader
87eb95add82c1c9df19d4fb798583d1e62f04eb27dd654c50fa153ea2731f58d
GuLoader
97179c8550506ab7a2bb2f75120e118590df2b842124ab14ef3a3215eb4da7bb
GuLoader
eb53256b217e27a7ab0f71be2181599a79dc0569dea7fdbc5b32cf96a6bc9109
GuLoader
fc6c4135d3f170f4eabb81d6abc020cbdfe02b8c7e5c8c2cb42709b21d9b58e1
GuLoader
+ 279 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210823-w4px5bp792/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
25b1b9c09860911a5e932106bda457849099223f19ee11fca9076c47bb837a67
MD5 hash:
c2c790809328c92c0eec843aceb3be64
SHA1 hash:
ded2b5d8e2b48b48d737a699ab371cc64ebef2d9
Link:
https://www.unpac.me/results/cd1670a3-da11-4a6f-9f7f-98f33bda27c7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/25b1b9c09860911a5e932106bda457849099223f19ee11fca9076c47bb837a67

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 25b1b9c09860911a5e932106bda457849099223f19ee11fca9076c47bb837a67

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/181440/

Comments