MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 397c1235b17a6b14fa61e480e59cf0d6c7d2cf7d633ae1c3957f82c23c985b95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 397c1235b17a6b14fa61e480e59cf0d6c7d2cf7d633ae1c3957f82c23c985b95
SHA3-384 hash: 481ad2d4d13f7193b88ae47a8f8820b986f0af966c22cfb6f0d98f7e561f5b1f7ef22ed32a249bd90914b6412a4a621b
SHA1 hash: 88c5f6ddf9dd87e2f87722e9c1cd286165144d95
MD5 hash: 48f75bdbc25c9cc7df1fe7837a81bf35
humanhash: summer-nuts-tennis-saturn
File name:48f75bdbc25c9cc7df1fe7837a81bf35.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:196'608 bytes
First seen:2021-09-23 11:02:47 UTC
Last seen:2021-09-23 12:14:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bd85017eeb8dd3332d04b1838f2b93b1 (3 x RemcosRAT, 1 x GuLoader)
ssdeep 3072:MUO8XwGB47D4J4Q95iiLKRlRS7G9YgVokrONhlG:DxB4v4J4gL4l8q9Roke
Threatray 5'573 similar samples on MalwareBazaar
TLSH T11D146D736C649E3AF58DEA384C66280963D45C03FB1D4B6EB645FBE8323091E25B4B47
File icon (PE):PE icon
dhash icon 1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter abuse_ch
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
48f75bdbc25c9cc7df1fe7837a81bf35.exe
Verdict:
No threats detected
Analysis date:
2021-09-23 11:05:37 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/10350099-a231-4727-8705-4746bca3e366

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/190721/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.1792.15594.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4cccf54f-68e5-47b0-983f-a764c45340c1
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/856822
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
GuLoader behavior detected
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/397c1235b17a6b14fa61e480e59cf0d6c7d2cf7d633ae1c3957f82c23c985b95/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-09-23 11:03:09 UTC
AV detection:
10 of 28 (35.71%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
59e2ae18fae10822e5363cb8866f2327ecb3b0107d4f13e8f8b8eb58568a2b08
GuLoader
6407ccfb541f544c29296abdfb990a57131ea45e45e1ae2a0d947b6fe62d49e2
GuLoader
79e6799e2eb9dbe27b29e3707175322014ffdfbb943c791977d592017a46ad9c
GuLoader
ab2261ddf24d2524a3ffe99044fac988f6178be9bc78d28cd5db289c414c3a4f
GuLoader
ae83f208925ec791bd10f37e0cd1bfc98473ea586c4814288a243c7d579c2e55
GuLoader
bd6cf98ff23cdad2f5bb43bb60e61275d8ad1ad7baeb609aa0a812fc048fede0
GuLoader
d9da34178f5af034a46aa98a5df2b516854bc866670358c18c5c61266a8fd351
GuLoader
e909198f5ca355e38c8459bc7ae2028ee25f849fde5c37714f914b87a94b5182
GuLoader
+ 5'563 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210923-m5ppnsabb3/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent file
Guloader,Cloudeye
Unpacked files
SH256 hash:
49b04162c412105ab0857de16713724cbf3234a0b6ba51f3a5286312633f20c3
MD5 hash:
1f1b425190b2fb0396ad2d538b1060ba
SHA1 hash:
413f98641d46fdcabfcaf64f29495667de6282ea
Link:
https://www.unpac.me/results/54afbccd-0425-4b0e-bc86-3734c70c4387/
SH256 hash:
397c1235b17a6b14fa61e480e59cf0d6c7d2cf7d633ae1c3957f82c23c985b95
MD5 hash:
48f75bdbc25c9cc7df1fe7837a81bf35
SHA1 hash:
88c5f6ddf9dd87e2f87722e9c1cd286165144d95
Link:
https://www.unpac.me/results/54afbccd-0425-4b0e-bc86-3734c70c4387/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/397c1235b17a6b14fa61e480e59cf0d6c7d2cf7d633ae1c3957f82c23c985b95

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 397c1235b17a6b14fa61e480e59cf0d6c7d2cf7d633ae1c3957f82c23c985b95

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1597404/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/190721/

Comments