MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37c86f121c6f2444ba270e021f0fe141de6dac7cba6267e9a873f72eabb6bbff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	37c86f121c6f2444ba270e021f0fe141de6dac7cba6267e9a873f72eabb6bbff
SHA3-384 hash:	91ab6f14a73a0419dbffab3ed985e914a0f0b38faa4b7f5e2127202015354421799b03e860e28449ea260a141c04befa
SHA1 hash:	9ea610eda4fc200e611fa927e087d1332bce34ee
MD5 hash:	5223ddac9a16486b8ad443364945d4ba
humanhash:	monkey-carolina-double-hawaii
File name:	Baadepladses142.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	140'560 bytes
First seen:	2022-10-10 19:17:41 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	59a4a44a250c4cf4f2d9de2b3fe5d95f (70 x GuLoader, 13 x AgentTesla, 7 x AZORult)
ssdeep	3072:tDJ0rZo6StCBXJP3WioJPo6P5OXOyXpFhtEu+0mBU7d++mayg+r1x5:tDSoIEJoRUu+0mBTwygk
Threatray	18 similar samples on MalwareBazaar
TLSH	T1E2D3F26A52E888D7FA639EB21DB36BB5D332A210146649CF1B41DFBC1F20353DD05297
TrID	92.9% (.EXE) NSIS - Nullsoft Scriptable Install System (846567/2/133) 3.4% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 1.1% (.EXE) Win64 Executable (generic) (10523/12/4) 0.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 0.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):
dhash icon	b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter	GovCERT_CH
Tags:	exe GuLoader signed

Code Signing Certificate

Organisation:
Issuer:
Algorithm:	sha256WithRSAEncryption
Valid from:	2022-08-07T13:27:05Z
Valid to:	2025-08-06T13:27:05Z
Serial number:	-228f6852ad29bd25
Thumbprint Algorithm:	SHA256
Thumbprint:	ceff92264c221e31e5447f2ac6a37ed45ccd5c7611c6c6a564d0acd0dcb635fe
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

1

# of downloads :

318

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/318622/

Detection(s):

SecuriteInfo.com.Adware.Agent.OKV.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Creating a window

Creating a file

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

nemesis overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/63446fec1ddf36bcc3f44794/reports/981489fb-5045-4142-8467-e6e08517de58/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/e823cf13-a8af-43f2-899d-f69f398f9702

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1087175

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/37c86f121c6f2444ba270e021f0fe141de6dac7cba6267e9a873f72eabb6bbff/

Threat name:

Win32.Downloader.Convagent

Status:

Malicious

First seen:

2022-10-05 08:46:44 UTC

File Type:

PE (Exe)

Extracted files:

4

AV detection:

19 of 26 (73.08%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=g7eg6eq4n4sejorhbybb6d7bihpg3ld4xjrgp2niop3s5k5wxp7q._file

Verdict:

malicious

Label(s):

cloudeye

Similar samples:

166908f0b9866d84c4a0828b4d664aa4b1049d403ebe90798caa4f4d93b26e00

32734437ca16d5bf5babbbe8dfe93dfdc953418dcd53cde0b7fe55b6c69fc3b4

65e331380851f9aced88e0aa9e78e70d04131fa073c5278f6e7fbeb0dff82267

6d43c96f1425abf6538f9b526b768f2fa284dcd9fec93e5b5cf001a4f83fdb89

79f0258fb0f3f2379e0a0320a754686cbc9e4627240f03663276b6b724952fb9

913172750585a6984011e58a573a38cd7ed051e2145690cf7a4b53b1ca49725c

a1853750e48152050b5f04f08ba261a37c49fd039435ac4c2683328febd4fa92

ba99bed9890c619411129e8902aaaf4f65a68c77735a577f8a85428e4f4167e5

+ 8 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader discovery downloader

Link:

https://tria.ge/reports/221010-xzxs7schc7/

Behaviour

Enumerates physical storage devices

Drops file in Program Files directory

Drops file in System32 directory

Checks installed software on the system

Loads dropped DLL

Guloader,Cloudeye

Unpacked files

SH256 hash:

99ff2e61f29ae35b3a3b6b1e921f28c7d988f5dcdeefba4e2eb098dbd9d73260

MD5 hash:

b98427456bead95be1ee885fa80650bb

SHA1 hash:

2e152341c2759aa1f70c10be3d54330bc36d76b6

Link:

https://www.unpac.me/results/a27feb93-2b73-4f89-87f3-7af14d681871/

SH256 hash:

37c86f121c6f2444ba270e021f0fe141de6dac7cba6267e9a873f72eabb6bbff

MD5 hash:

5223ddac9a16486b8ad443364945d4ba

SHA1 hash:

9ea610eda4fc200e611fa927e087d1332bce34ee

Link:

https://www.unpac.me/results/a27feb93-2b73-4f89-87f3-7af14d681871/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/37c86f121c6f2444ba270e021f0fe141de6dac7cba6267e9a873f72eabb6bbff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe 37c86f121c6f2444ba270e021f0fe141de6dac7cba6267e9a873f72eabb6bbff

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/318622/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample