MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37d08a64868c35c5bae8f5155cc669486590951ea80dd9da61ec38defb89a146. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 6



SHA256 hash: 37d08a64868c35c5bae8f5155cc669486590951ea80dd9da61ec38defb89a146
SHA3-384 hash: 20be0be21cfad81c53fb0977909e30471ce5cbcc2e7beaa2a3d6a433863bbb8b7ef03570d5813387d41f541c53a6af02
SHA1 hash: 30e33139b101282727f5ba9182d1d856ac96ec6a
MD5 hash: b5a07242409d812c007e3dadb859fedc
humanhash: whiskey-arkansas-table-zebra
File name: b5a07242409d812c007e3dadb859fedc.exe
Signature: GuLoader
File size: 87'736 bytes
First seen: 2021-05-20 18:29:41 UTC
Last seen: 2021-05-20 19:31:17 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 460f9cd83bcc5d612a8fc7838b465d4e (2 x GuLoader)
ssdeep: 768:0jHb2YNl7XEFFLj19Azb6CdXyCS2xplRlNZ08nYKmgkWmfz/EhGW4jMALnATPcyF:AqWiFFd9E5yCPRV08nYnATPcyF
Threatray: 5'136 similar samples on MalwareBazaar
TLSH: EE835B32B474D6B2F9E145B05768495C0E5B2C3F0F6D8DC73049251C97B2BC2AB623EA
Reporter: abuse_ch
Tags: exe GuLoader
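Before analysing a downloaded copy of this sample, confirm that it is the file the entry describes: a mismatch usually means you are still holding the password-protected archive MalwareBazaar wraps downloads in, or a different build of the loader. The script below is an added example, not MalwareBazaar's own tooling. It recomputes the four listed digests and the file size with Python's hashlib and reports every field that disagrees with the entry; the hash and size constants are copied from the fields above, and the command-line path and the byte strings used in the check are assumptions supplied by the reader.

```python
"""Verify that a local file is the MalwareBazaar sample listed above.

Added example: recomputes the digests the entry lists and compares them.
"""
import hashlib
from pathlib import Path

# Values copied from the entry above. SHA256 is MalwareBazaar's primary key;
# SHA1 and MD5 are listed so the sample can be matched in feeds that still
# key on older digests, and SHA3-384 is an independent cross-check.
EXPECTED = {
    "sha256": "37d08a64868c35c5bae8f5155cc669486590951ea80dd9da61ec38defb89a146",
    "sha3_384": "20be0be21cfad81c53fb0977909e30471ce5cbcc2e7beaa2a3d6a433863bbb8b"
                "7ef03570d5813387d41f541c53a6af02",
    "sha1": "30e33139b101282727f5ba9182d1d856ac96ec6a",
    "md5": "b5a07242409d812c007e3dadb859fedc",
}
EXPECTED_SIZE = 87736  # "File size: 87'736 bytes"


def digests(data: bytes) -> dict:
    """Compute the same four digests MalwareBazaar lists, from raw bytes.

    hashlib.new() accepts "sha3_384" as an algorithm name on Python 3.6+.
    """
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED}


def verify(data: bytes, expected: dict = EXPECTED,
           expected_size: int = EXPECTED_SIZE) -> list:
    """Return a list of (field, expected, actual) mismatches.

    An empty list means the bytes are byte-for-byte the listed sample.
    Size is checked first because a wrong size (e.g. the ZIP container
    instead of the extracted .exe) explains every digest mismatch at once.
    """
    mismatches = []
    if len(data) != expected_size:
        mismatches.append(("size", expected_size, len(data)))
    for name, got in digests(data).items():
        if got != expected[name].lower():
            mismatches.append((name, expected[name], got))
    return mismatches


def verify_file(path, **kwargs) -> list:
    """Read a file from disk and run verify() on it."""
    return verify(Path(path).read_bytes(), **kwargs)


if __name__ == "__main__":
    # Usage (assumed path): python verify_sample.py ./b5a07242409d812c007e3dadb859fedc.exe
    import sys

    problems = verify_file(sys.argv[1])
    for field, want, got in problems:
        print(f"{field}: expected {want}, got {got}")
    print("OK: file matches the MalwareBazaar entry" if not problems
          else "MISMATCH: this is not the listed sample")
    sys.exit(1 if problems else 0)
```

The check is deliberately strict: a single differing digest is enough to reject the file, because the vendor verdicts and the extracted C2 below apply only to these exact bytes.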


abuse_ch
GuLoader payload URL:
http://hshjiopklmsacnzbcjuewahfdsnvmlazbcuewqjh.ydns.eu/MEKI%20NEW_rGDXhItdtA168.bin

Intelligence


File Origin
# of uploads: 2
# of downloads: 157
Origin country: n/a
Vendor Threat Intelligence

Result 1
Verdict: Clean
Maliciousness: (no value given)
Behaviour: Creating a window; Sending a UDP request

Result 2
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Packed.Generic
Status: Suspicious
First seen: 2021-05-20 15:06:33 UTC
AV detection: 16 of 47 (34.04%)
Threat level: 1/5

Result 3
Malware family: guloader
Score: 10/10
Tags: family:guloader downloader
Behaviour: Suspicious use of SetWindowsHookEx; Guloader,Cloudeye
Malware Config, C2 Extraction: http://hshjiopklmsacnzbcjuewahfdsnvmlazbcuewqjh.ydns.eu/MEKI%20NEW_rGDXhItdtA168.bin
Please note that we are no longer able to provide a coverage score for Virus Total.
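The extracted payload URL is the most immediately actionable item on this entry. The Python below is an added example, not part of the entry and not abuse.ch code: it defangs the URL for safe sharing and runs it against a few constructed proxy-log lines, normalising host case and percent-encoding so that trivial variants of the same request still match the IOC. The log format, the client addresses and the looser "any .bin fetched from a ydns.eu host" rule are assumptions introduced for illustration; the last of these is a hunting heuristic, not something the entry states about GuLoader, and it needs tuning against your own traffic before it becomes an alert.

```python
"""Use the C2 URL extracted from this sample as a proxy-log indicator.

Added example: defangs the IOC and matches it against constructed log lines.
"""
import re
from urllib.parse import urlsplit, unquote

# IOC copied from the "C2 Extraction" field of this entry.
C2_URL = ("http://hshjiopklmsacnzbcjuewahfdsnvmlazbcuewqjh.ydns.eu/"
          "MEKI%20NEW_rGDXhItdtA168.bin")

# Assumption for illustration: dynamic-DNS zones that warrant a looser rule.
DYNDNS_SUFFIXES = (".ydns.eu",)


def defang(url: str) -> str:
    """Make the IOC safe to paste into a ticket: http -> hxxp, '.' -> '[.]' in the host."""
    scheme, rest = url.split("://", 1)
    host, _, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}/{path}"


def _normalize(url: str):
    """Lower-case host and percent-decoded path, so encoding tricks don't dodge the match."""
    parts = urlsplit(url)
    host = parts.hostname.lower() if parts.hostname else ""
    return host, unquote(parts.path)


C2_HOST, C2_PATH = _normalize(C2_URL)


def classify(url: str):
    """Return a verdict label for one requested URL, or None if it is not of interest."""
    host, path = _normalize(url)
    if host == C2_HOST and path == C2_PATH:
        return "exact-c2-url"          # the payload URL from this entry
    if host == C2_HOST:
        return "c2-host"               # same host, other path: likely a sibling payload
    if host.endswith(DYNDNS_SUFFIXES) and path.lower().endswith(".bin"):
        return "dyndns-bin-download"   # heuristic only (assumption, see lead-in)
    return None


# Assumed log layout: "<epoch> <client-ip> <method> <url> <status>".
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def scan(log_text: str) -> list:
    """Return (client, verdict, defanged_url) for every log line that matches a rule."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue                   # skip blank or malformed lines
        verdict = classify(m["url"])
        if verdict:
            hits.append((m["client"], verdict, defang(m["url"])))
    return hits


# Constructed sample log: line 1 is the exact IOC, line 2 another path on the
# C2 host, line 3 a different ydns.eu host serving a .bin, line 4 benign, and
# line 5 the IOC again with the host upper-cased and 'M' written as %4d.
PROXY_LOG = """\
1621535400.123 10.0.0.12 GET http://hshjiopklmsacnzbcjuewahfdsnvmlazbcuewqjh.ydns.eu/MEKI%20NEW_rGDXhItdtA168.bin 200
1621535401.456 10.0.0.12 GET http://hshjiopklmsacnzbcjuewahfdsnvmlazbcuewqjh.ydns.eu/other.bin 404
1621535402.789 10.0.0.33 GET http://example.ydns.eu/update_x.bin 200
1621535403.012 10.0.0.44 GET http://www.example.com/index.html 200
1621535404.345 10.0.0.55 GET http://HSHJIOPKLMSACNZBCJUEWAHFDSNVMLAZBCUEWQJH.ydns.eu/%4dEKI%20NEW_rGDXhItdtA168.bin 200
"""

if __name__ == "__main__":
    print("IOC:", defang(C2_URL))
    for client, verdict, url in scan(PROXY_LOG):
        print(f"{client:12} {verdict:22} {url}")
```

Matching on the normalised host and decoded path rather than on the raw string is what lets line 5 register as the same indicator as line 1; a plain substring match on the URL from the entry would miss it.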

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: GuLoader
File: Executable exe, SHA256 37d08a64868c35c5bae8f5155cc669486590951ea80dd9da61ec38defb89a146 (this sample)
