MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32d76f1f822f9b6b25f0e5444f67abda433f2830016f2c96b5b4a55f462ed810. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 32d76f1f822f9b6b25f0e5444f67abda433f2830016f2c96b5b4a55f462ed810
SHA3-384 hash: d33998db8a51b69f81c5b4b5193dfe930810e74a2c044dfb1787cf1b1bab891ba03606567f3339f195a0e9fd8e702999
SHA1 hash: 55c87982f740b4481ed93d223d87e6afa437f21d
MD5 hash: 010394a473e77f7d72f63507b383f05c
humanhash: six-crazy-pizza-hawaii
File name:010394a473e77f7d72f63507b383f05c
Download: download sample
Signature GuLoader
Create hunting rule
File size:184'320 bytes
First seen:2021-09-07 15:21:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e7385b520d674485dcb5aa8e71effcae (2 x GuLoader)
ssdeep 3072:/xI3EIFJlAkpn/lEEIJUCA0h5sQGupkHzZdirw/uYd/Z9:0FJlAk9lEEIJUC7iWcp
Threatray 5'131 similar samples on MalwareBazaar
TLSH T141047D2669B6BF9CF1A66E74D951789303863C207B12A27DF0C4F728B1306D26C257DB
Reporter zbetcheckin
Tags:32 exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
164
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Purchase Order 334779.xlsx
Verdict:
Malicious activity
Analysis date:
2021-09-07 14:31:30 UTC
Tags:
encrypted exploit CVE-2017-11882
Link:
https://app.any.run/tasks/67ca857e-6f6c-463a-be82-4ffc11f87b91

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/186077/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.20463.29528.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c86cbf45-07c0-40b7-b4b6-5800ed5b9df8
Result
Threat name:
GuLoader AgentTesla
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/846741
Signature
Contains functionality to register a low level keyboard hook
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Installs a global keyboard hook
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential malicious icon found
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected AgentTesla
Yara detected GuLoader
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/32d76f1f822f9b6b25f0e5444f67abda433f2830016f2c96b5b4a55f462ed810/
Threat name:
Win32.Trojan.Mucc
Create hunting rule
Status:
Malicious
First seen:
2021-09-07 15:22:10 UTC
AV detection:
12 of 27 (44.44%)
Threat level:
  5/5
Verdict:
suspicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
15520c752a3375cd92bee021404e10830d4732681be2e50b3d293bcbd3c1e262
GuLoader
55703ed5643143dc84f5c746c712a56e46c8c6cdb18456eaf46e6c6f085d92b7
GuLoader
70921226f4c6dd8d21672150cc0115b107c395f848aa89975ed3bb42c7eccd69
GuLoader
7c0a44319ba7a567058b139432f5a549f937d2c9e499006744beffc927c8ce6a
GuLoader
7c38d073b77ff7afc8f65aac812316d0fa9356115f1f3e78aca9fd496d177cad
GuLoader
ace7e59fa80a108d4f3fd0a56a99f03d17e56ec2c756092aa65b910352f59921
GuLoader
ae83f208925ec791bd10f37e0cd1bfc98473ea586c4814288a243c7d579c2e55
GuLoader
c9d7f98f32268cf0a37e645d801608ba1135ff089f48854ccfc385aefebfce25
GuLoader
db48dc160b1f48b8939b0d49c5f0bee2a28bc3b340cff62cea8da50424e1afea
GuLoader
+ 5'121 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210907-srx2sagagr/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
32d76f1f822f9b6b25f0e5444f67abda433f2830016f2c96b5b4a55f462ed810
MD5 hash:
010394a473e77f7d72f63507b383f05c
SHA1 hash:
55c87982f740b4481ed93d223d87e6afa437f21d
Link:
https://www.unpac.me/results/c612e1f5-2cd5-4856-8c67-20d4243d3f47/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/32d76f1f822f9b6b25f0e5444f67abda433f2830016f2c96b5b4a55f462ed810

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 32d76f1f822f9b6b25f0e5444f67abda433f2830016f2c96b5b4a55f462ed810

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1599883/
Cape
Cape
https://www.capesandbox.com/analysis/186077/

Comments


Avatar
zbet commented on 2021-09-07 15:21:50 UTC

url : hxxp://172.245.26.190/kvi.exe