MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2bd846bdda945dc48a21c9bda1497feb9e67df8cfb024cc8669041490c7c9a90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2bd846bdda945dc48a21c9bda1497feb9e67df8cfb024cc8669041490c7c9a90
SHA3-384 hash: 12f4b1267338194218f1fdcdc9a0112afe94329000375b000013d890d84ce5b1eff0d085d20744ff63e77f4cb1435674
SHA1 hash: 355acb5af5caaeb59fd7c9e0a54b501c24d47919
MD5 hash: d2cb32f7c7f384b4baa8dd13d6b5bbab
humanhash: three-oklahoma-sweet-mars
File name:d2cb32f7c7f384b4baa8dd13d6b5bbab
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2021-08-03 16:12:53 UTC
Last seen:2021-08-03 19:17:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5565993a5a9f2bfb76f28ab304be6bc1 (7 x GuLoader)
ssdeep 1536:MfPqE74qa95aAmpcPTDo9flG6kPl9NIcGCp9bZYuQmiPY/peaja9QNE7YP:Mf5sR94AWc7Do3G60lM49eM/ptO9QeE
Threatray 5'320 similar samples on MalwareBazaar
TLSH T1D4B3BFE563CAC2BFE1770F781B73355C97C11F945B8221A48379EC9A28271DA08661BF
dhash icon 93d4d0accaaa8c8e (1 x GuLoader)
Reporter zbetcheckin
Tags:32 exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
273
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
d2cb32f7c7f384b4baa8dd13d6b5bbab
Verdict:
No threats detected
Analysis date:
2021-08-03 16:16:31 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1d99f9e2-7c8f-41be-8719-a46132e5a4ae

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/176128/
Detection(s):
SecuriteInfo.com.Variant.Fragtor.1415.17484.26562.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/01756d48-b12d-4900-be0e-31ac5f76e386
Result
Threat name:
GuLoader Remcos
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/826341
Signature
C2 URLs / IPs found in malware configuration
Creates autostart registry keys with suspicious values (likely registry only malware)
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Uses dynamic DNS services
Yara detected GuLoader
Yara detected Remcos RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/2bd846bdda945dc48a21c9bda1497feb9e67df8cfb024cc8669041490c7c9a90/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2021-08-03 16:13:12 UTC
AV detection:
15 of 27 (55.56%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1942767aa808c15413e31d945174cdea44f4eeed5da3d5831aff879c90eb7609
GuLoader
2c2b9e423c5ae9ef99565d76a6d7d4b6d5e394f523539b447a633c803e9372a3
GuLoader
55fd5769df0df23d4140a34d07dc2c833b43ac1060f4d0992bdd27316041c69a
GuLoader
5e3c17b9a8fb04fc0de847833073fba6b1f5b4c302c003cfb888f93e4bd54adf
GuLoader
73b83d70f24909aea7920a86029b43198979d7e31ab768619371e12fc7399f93
GuLoader
7afa7c7724abb034d3155e1e1fc1fd3f9961e56fd6119428d975d8aaee3070f9
GuLoader
8179d2c371934e7f748fdf033d96a3b527158348e87ec21f1576136ede5d2d17
GuLoader
c0d3da1cefd1a979c8b8ce102fd5d3ff090779f72f4d1098eb383cbbb3480bee
GuLoader
d3257f22e55152e6f6814a0d273d4113f802e9cf39a4841622a7b82cf38bd6af
GuLoader
faf4898dc104ee27f1d2adafa647094f57d9b282d6b3e7654c78e3d55eada723
GuLoader
+ 5'310 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210803-qt6kep1abn/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
2bd846bdda945dc48a21c9bda1497feb9e67df8cfb024cc8669041490c7c9a90
MD5 hash:
d2cb32f7c7f384b4baa8dd13d6b5bbab
SHA1 hash:
355acb5af5caaeb59fd7c9e0a54b501c24d47919
Link:
https://www.unpac.me/results/6e780509-dc0a-4127-887e-aeba54021434/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2bd846bdda945dc48a21c9bda1497feb9e67df8cfb024cc8669041490c7c9a90

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 2bd846bdda945dc48a21c9bda1497feb9e67df8cfb024cc8669041490c7c9a90

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1502818/
Cape
Cape
https://www.capesandbox.com/analysis/176128/

Comments


Avatar
zbet commented on 2021-08-03 16:12:54 UTC

url : hxxp://198.12.91.134/xss/vbc.exe