MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 396aae05856753674c211cb8e64462ffb4fb46a0a9238214cb39c12d0682ef66. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	396aae05856753674c211cb8e64462ffb4fb46a0a9238214cb39c12d0682ef66
SHA3-384 hash:	c4ace7d9763ac660fa3c7718d2fd3c8376153269ed2e96b1eaa9c839432bf8991c0e8a78203800aa2a2d1ad109369ee2
SHA1 hash:	95fa1bcf3551902fc9e53cc2c94ffaa0145d3f4c
MD5 hash:	8d19e1e8974a87723730325f7c26231a
humanhash:	cup-winner-quebec-beer
File name:	8d19e1e8974a87723730325f7c26231a
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	192'512 bytes
First seen:	2021-06-14 12:39:56 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	51114cc98630aad2088aa48f6e7a2e19 (3 x GuLoader)
ssdeep	3072:ZS6O7R551JLaKgC9tirczIAwDKBVrNSSdgSlvpnjZSdR2SpMJAHzQfrw7zh4APeK:U/1JLaKVutAiQVRSSdgSlvpnjZSdR2SP
Threatray	5'107 similar samples on MalwareBazaar
TLSH	F4143B16E303A426D661C0B1FC09E2FEB4142F766CA78D57B2F4BB566470DE368F8606
Reporter	zbetcheckin
Tags:	32 exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

357

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

8d19e1e8974a87723730325f7c26231a

Verdict:

No threats detected

Analysis date:

2021-06-14 12:42:15 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/f1fadc65-ddaa-4a17-b72d-303f6a2e95c7

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Variant.Jaik.46295.31119.9509.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

GuLoader

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4618dd1a-1337-4426-ae4c-153e93765d15

Result

Threat name:

Unknown

Detection:

malicious

Classification:

rans.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/801796

Signature

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found potential dummy code loops (likely to delay analysis)

Multi AV Scanner detection for submitted file

Potential malicious icon found

Tries to detect virtualization through RDTSC time measurements

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/396aae05856753674c211cb8e64462ffb4fb46a0a9238214cb39c12d0682ef66/

Threat name:

Win32.Infostealer.Fareit

Status:

Malicious

First seen:

2021-06-14 12:40:13 UTC

AV detection:

14 of 29 (48.28%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=hfvk4bmfm5jwotbbds4omrdc762pwrvaveryefglhhas2buc55ta._file

Verdict:

suspicious

GuLoader

1c958bc2a268ce3f104a35882f694f8bead71015937bfb99b0986400ab29d703

GuLoader

60fe4a1f0ed577bfa8d10195a3d1123b0a7ab551d3579686ee6ac6bc18282fe5

GuLoader

7c38d073b77ff7afc8f65aac812316d0fa9356115f1f3e78aca9fd496d177cad

GuLoader

80a6e67c230f2f2bad5815d0ead68bb209575960b623ae7fc9952981132656d1

GuLoader

9ec05fd611c2df63c12cc15df8e87e411f358b7a6747a44d4a320c01e3367ca8

GuLoader

a2a95abdc357f8ebb4ad5ac4017cca21882d67431e7afc49dd268182c8214506

GuLoader

ab4d24e50b96e4358963a8232d7244c0aaf208cfec8c8d5022871547ed795fc9

GuLoader

c9d7f98f32268cf0a37e645d801608ba1135ff089f48854ccfc385aefebfce25

GuLoader

fa92eea26935ac1ff010fe8797da8a848b4a4b80e3d2c173a68d1000eb7184c7

GuLoader

+ 5'097 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210614-p7y4b9592a/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Malware Config

C2 Extraction:

https://bridge-pomoja.org/wp-admin/main/build_NACXPaq222.bin
http://fotokubin.big07.pl/wp-content/plugins/back/build_NACXPaq222.bin

Unpacked files

SH256 hash:

396aae05856753674c211cb8e64462ffb4fb46a0a9238214cb39c12d0682ef66

MD5 hash:

8d19e1e8974a87723730325f7c26231a

SHA1 hash:

95fa1bcf3551902fc9e53cc2c94ffaa0145d3f4c

Link:

https://www.unpac.me/results/fdc53fb4-fdf4-4103-9901-998df585dbaa/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/396aae05856753674c211cb8e64462ffb4fb46a0a9238214cb39c12d0682ef66

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

exe 396aae05856753674c211cb8e64462ffb4fb46a0a9238214cb39c12d0682ef66

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/1364978/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample