MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fb2d2391c1b8d865c8dcd2c03b1f0923a397f3428a133aa082f0643e46483d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3fb2d2391c1b8d865c8dcd2c03b1f0923a397f3428a133aa082f0643e46483d8
SHA3-384 hash: 16edf095e6a60add1afe049e02a402bf39f0432ee592af7fee77eacf4bf40d431f142aadc49523dee9a292107ca609c1
SHA1 hash: efd0a9407ee805a0adb4f4b8785ed019383835c2
MD5 hash: 6af0d2e7a86c5b350a7fb48fa97475d9
humanhash: jig-timing-hamper-river
File name:SecuriteInfo.com.W32.AIDetect.malware1.5644.11190
Download: download sample
Signature GuLoader
Create hunting rule
File size:188'416 bytes
First seen:2021-07-28 18:57:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0ef86623a8017525fa33267801210730 (3 x GuLoader)
ssdeep 768:7MiJrBffJBud5rDAYGAyCf8DADdY44Hwq8umKhJDDS/AbZ4aiVgICsDZH:wChGrDdHUSdY44HwqrmK/DeXiIVdH
Threatray 758 similar samples on MalwareBazaar
TLSH T1E90419537F09855ED855CAF659D10AB453687F608B8814C71B0FBA380BF89DBA039ECE
Reporter SecuriteInfoCom
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
230
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.W32.AIDetect.malware1.5644.11190
Verdict:
No threats detected
Analysis date:
2021-07-28 19:04:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f164be65-e8e2-4a44-a4aa-1c85b8443aea

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/174824/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.5644.11190.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/16e40504-89de-41b2-9275-527056529ea2
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/823344
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect Any.run
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-07-28 18:24:58 UTC
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
0b9431b196547553849eebdb7a4a6cb57fc6d7d9af2c61c1abfffbf83e337984
GuLoader
4075714cf40071629b9858a706f24bc3544c80b02a69379f1ad9eef2e039968a
GuLoader
5b8bcca6874eb87a0653adc3137d69a11c33c64a0087ad63646f39111ac2e62c
GuLoader
75f423b4e6ca17c94dda8104d745642ca61a0a54a38bf29e3ca55b9d0fec7d66
GuLoader
77168234eb706333e4835666a00a8fd8e110959660c97e5c5528ed3a3d0f5081
GuLoader
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
GuLoader
ba7731b6dc348e539c3e92a30f7811579de525f4346b223430b0b668e68e30c0
GuLoader
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
GuLoader
e6bdca558fb485e6ac7295d20f868902f2b790bc147fb3ab1e3a6628280d40f3
GuLoader
eb5b36b887116b5aa12cb5609d9d2e132829e325b2c3e16133299696460a0e92
GuLoader
+ 748 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210728-kdvx5edsvx/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
3fb2d2391c1b8d865c8dcd2c03b1f0923a397f3428a133aa082f0643e46483d8
MD5 hash:
6af0d2e7a86c5b350a7fb48fa97475d9
SHA1 hash:
efd0a9407ee805a0adb4f4b8785ed019383835c2
Link:
https://www.unpac.me/results/f5b6c168-0bac-46fd-ab3d-39e290afcdc0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3fb2d2391c1b8d865c8dcd2c03b1f0923a397f3428a133aa082f0643e46483d8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 3fb2d2391c1b8d865c8dcd2c03b1f0923a397f3428a133aa082f0643e46483d8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1487728/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/174824/

Comments