MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 338ee076a3641ab7a652189d830ee26334743a6b1c66925d12d54b755a2421b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	338ee076a3641ab7a652189d830ee26334743a6b1c66925d12d54b755a2421b9
SHA3-384 hash:	aef5ac6ffcf7e4544bb4104b70e621bfbb684dbe73ef4d8bd884e74414f0005654a3859905d0a18f995594c2c8be474e
SHA1 hash:	5cf38889c804881d338f69244c0a2d9844e68d52
MD5 hash:	1af50d1592ef3c604997cddfe6d6e6c8
humanhash:	failed-louisiana-one-carbon
File name:	Offerteaanvraag 14-02-2022.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	458'384 bytes
First seen:	2022-02-14 16:18:14 UTC
Last seen:	2022-02-14 17:36:08 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	56a78d55f3f7af51443e58e0ce2fb5f6 (720 x GuLoader, 451 x Formbook, 295 x Loki)
ssdeep	6144:ObE/HUsqaHjErV0UjVrH76Brup88h8h+843ggbxfNSXNISJSdIX3b4Ff:ObwqprVDjVrH7pv1bxfUdIOCc4Ff
Threatray	9'249 similar samples on MalwareBazaar
TLSH	T178A4CF2D073CC856F0A02DFC6822DBB97EFC5F21621DB96753202CD758F12939A8A197
File icon (PE):
dhash icon	1998b0b69ee6fc08 (3 x Loki, 1 x GuLoader)
Reporter	abuse_ch
Tags:	exe geo GuLoader NLD signed

Code Signing Certificate

Organisation:	balancerstnger
Issuer:	balancerstnger
Algorithm:	sha256WithRSAEncryption
Valid from:	2022-02-14T07:05:45Z
Valid to:	2023-02-14T07:05:45Z
Serial number:	00
Intelligence:	325 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist:	This certificate is on the Cert Central blocklist
Thumbprint Algorithm:	SHA256
Thumbprint:	701a8b03ac7224bb7ec816d984abcbbd8525c29c031c34f2874a23dcd7275437
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

300

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/241440/

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware2.10795.734.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Creating a window

Creating a file in the %temp% subdirectories

Creating a file

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

control.exe overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/620a80fc45ddfa2e18cf92cc/reports/f6779757-d703-4d80-9031-dc5f2462b025/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/4f0794ff-865f-4935-913f-4a16b81bdc7f

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/939544

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

Hides threads from debuggers

Multi AV Scanner detection for submitted file

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected GuLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/338ee076a3641ab7a652189d830ee26334743a6b1c66925d12d54b755a2421b9/

Threat name:

Win32.Trojan.GenCBL

Status:

Malicious

First seen:

2022-02-14 16:19:12 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

17 of 27 (62.96%)

Threat level:

5/5

Verdict:

unknown

GuLoader

23b5df2d469238921bc4292d4ad2f179d57b19eba17a93c37af5d3ccae03f1c0

GuLoader

59819eed25c7ec484455237149273827c8c3476bf961f5be7443e856d3131259

GuLoader

767c546decf6f669263e4a0a87a0f5d92234e031e9a0de3733fa954a8f3e0255

GuLoader

819c9d8c88fc1ffbfeae1797646f7b90f930fef4dae513fe8e43fad3bf475bf0

GuLoader

88a56adfda71155cd315c64ca5ab176120f7d74369cc752cb63ee6a00f90e736

GuLoader

892ef7a1974f417377e4b50358b42c68248a4f4c1f393328421ad48e73861640

GuLoader

da3208711d472f6c9af1141faa1272cab7b80cbaef1cfe0c24c5b1597f7a0c99

GuLoader

ee23fa71bea1f05017e21b38e7592db6334a0fc4e9e44bb48452b40a4ddf0677

GuLoader

+ 9'239 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/220214-tshh6abehj/

Behaviour

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Drops file in Windows directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Legitimate hosting services abused for malware hosting/C2

Checks QEMU agent file

Loads dropped DLL

Guloader,Cloudeye

Unpacked files

SH256 hash:

338ee076a3641ab7a652189d830ee26334743a6b1c66925d12d54b755a2421b9

MD5 hash:

1af50d1592ef3c604997cddfe6d6e6c8

SHA1 hash:

5cf38889c804881d338f69244c0a2d9844e68d52

Link:

https://www.unpac.me/results/dfd830a3-c1d3-4e9c-9ea2-efdc3fa357cd/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/338ee076a3641ab7a652189d830ee26334743a6b1c66925d12d54b755a2421b9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/241440/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample