MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3012b7a51af86d42beaaf6488f7166002226cbaee3ccb92e1c2a2d4b107c3930. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3012b7a51af86d42beaaf6488f7166002226cbaee3ccb92e1c2a2d4b107c3930
SHA3-384 hash: ea4125a9865cfaa91396994b319c87b8415e64d38b64152694054670f451d81d24ad70e40d8aa4c18f57867bbba32ed1
SHA1 hash: 84ce88c612b86fbd98e3d7b55227d95979a58631
MD5 hash: b5571f25836cd41445aa42574af4b736
humanhash: yellow-delta-tango-double
File name:b5571f25836cd41445aa42574af4b736
Download: download sample
Signature GuLoader
Create hunting rule
File size:123'688 bytes
First seen:2021-07-01 00:01:58 UTC
Last seen:2021-07-01 00:48:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e32210a377db7dc6108aadf44007bc45 (1 x GuLoader)
ssdeep 1536:NWlMcDP/5ToUTS13bz62av30HmmIoDQBlIAqFJv/x++4Si96Hjvrh0rPgz6vUUg+:shKuAGCI7zqbg7SQyx0vgKBAKBgI
Threatray 3'399 similar samples on MalwareBazaar
TLSH F5C329577E57D065E206C6B0D000E9F7B830BC76F8528D07BDC1BE093A7A752B1A8E4A
Reporter zbetcheckin
Tags:32 exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
248
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
60dc99_Outbyte-PC-Repa.zip
Verdict:
Malicious activity
Analysis date:
2021-06-30 19:16:52 UTC
Tags:
trojan evasion stealer vidar loader rat redline ficker phishing
Link:
https://app.any.run/tasks/6858b1bb-edb8-4017-b3e4-518361aa3af0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Guloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/169024/
Detection(s):
SecuriteInfo.com.Variant.Razy.885387.9728.453.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/44394f31-f0d2-4ff7-8aec-7994fe0c7685
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/810273
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/3012b7a51af86d42beaaf6488f7166002226cbaee3ccb92e1c2a2d4b107c3930/
Threat name:
Win32.Trojan.Chapak
Create hunting rule
Status:
Malicious
First seen:
2021-06-30 16:40:01 UTC
AV detection:
14 of 46 (30.43%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gajlpji27bwufpvk6zei64lgaarcns5o4pglslq4fiwuwed4heya._file
Verdict:
malicious
Similar samples:
0089a67b8891a809e2c7699b1d97e0d1286756c801aecc20a200a13b049ecb94
GuLoader
16bf40060a0544cf49bda85272b976265fb56248c6068d7d95296937af664ecc
GuLoader
26429a83373a49db5ad7801f324d8f1ce0aafd687ee405a44cb8d6ebebf65c15
GuLoader
55fbd4afb3b387dcab2c4ccb60e2ced461773add94567b99207ccd7faa3ed05f
GuLoader
664bf09b6f40a8f36643766189b1ec1cbf9578ff7d207b9f23803ac7676a119e
GuLoader
69b7fe61ae71ecd658c9747a572a8eaf7f0f49c745028e37c0ff3464c9926889
GuLoader
96beaff70c51e04f38db0943eddd24ecc142ef2815d536b82655e25fbf5a54db
GuLoader
9e3fdcc393fc96ce693041533b4ecc9e43d57ad1bca40c99d07713dc90d39bd4
GuLoader
a72148dff1ea3d49796c35ca68e80d8a9345cfc3cf719feae3ba1ba63431712e
GuLoader
feec98d66a46070620824dadc73263034601ee4fbd6341997b6090693ed8b0c6
GuLoader
+ 3'389 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210701-brmqrgn2vs/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent file
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://cdn.discordapp.com/attachments/859444299618582560/859807648862044178/Sicario.bin
Unpacked files
SH256 hash:
49b04162c412105ab0857de16713724cbf3234a0b6ba51f3a5286312633f20c3
MD5 hash:
1f1b425190b2fb0396ad2d538b1060ba
SHA1 hash:
413f98641d46fdcabfcaf64f29495667de6282ea
Link:
https://www.unpac.me/results/43d672fb-617c-4cd8-80c5-4bb84a3d0eb2/
SH256 hash:
3012b7a51af86d42beaaf6488f7166002226cbaee3ccb92e1c2a2d4b107c3930
MD5 hash:
b5571f25836cd41445aa42574af4b736
SHA1 hash:
84ce88c612b86fbd98e3d7b55227d95979a58631
Link:
https://www.unpac.me/results/43d672fb-617c-4cd8-80c5-4bb84a3d0eb2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3012b7a51af86d42beaaf6488f7166002226cbaee3ccb92e1c2a2d4b107c3930

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 3012b7a51af86d42beaaf6488f7166002226cbaee3ccb92e1c2a2d4b107c3930

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1414681/
Cape
Cape
https://www.capesandbox.com/analysis/169024/

Comments


Avatar
zbet commented on 2021-07-01 00:02:00 UTC

url : hxxp://136.144.41.201/WW/file4.exe