MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44a9a29d7cddbe89d5b983dd0286aaa532e785af356cc8d88b645deeb0251fed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	44a9a29d7cddbe89d5b983dd0286aaa532e785af356cc8d88b645deeb0251fed
SHA3-384 hash:	2df08ee057e6f60bfbea7ec1b113357a5e1882fb6b35998971e85ce667802bbd1e76b851a5f398066ea49f00fcd570f2
SHA1 hash:	97000b21c84ef111d1795161e34f8b616fe78ebb
MD5 hash:	478e62ef90d2bcfa4add3b5ea1b39826
humanhash:	fillet-river-queen-eight
File name:	NOTICE OF PAYMENT.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	122'880 bytes
First seen:	2021-09-15 13:50:03 UTC
Last seen:	2021-09-15 15:10:16 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	4d0b2c4c35fea49148bb1439759df35a (4 x GuLoader, 1 x Loki)
ssdeep	1536:IL9y8gwThoo3MRjRv5C3jPnUX0f9T8LbWhfIRorEjYPDo:u9JgwS2cxcjnvWIPrEcPDo
Threatray	5'324 similar samples on MalwareBazaar
TLSH	T190C39782E3056B19C04DFCBD6013E4F675366ABB116A0DD631ACBDEB78E169328F42C5
Reporter	malwarelabnet
Tags:	exe GuLoader guloader agenttesla

Intelligence

File Origin

# of uploads :

# of downloads :

139

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Invoice_NBM01557.exe

Verdict:

No threats detected

Analysis date:

2021-09-15 08:38:50 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9d130857-8ffe-4b8b-babb-efa536df9789

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/188204/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.37586547.8557.5943.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Verdict:

No Threat

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/61751af4db358dd15ed925bb/reports/286a553a-fee6-498a-a65e-20eaead67058/overview

Malware family:

GuLoader

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ddae9265-c477-40ed-b7af-4184ede90d54

Result

Threat name:

GuLoader AgentTesla

Detection:

malicious

Classification:

rans.troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/851467

Signature

Antivirus detection for URL or domain

Executable has a suspicious name (potential lure to open the executable)

Found malware configuration

GuLoader behavior detected

Hides threads from debuggers

Initial sample is a PE file and has a suspicious name

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Potential malicious icon found

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Writes to foreign memory regions

Yara detected AgentTesla

Yara detected GuLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/44a9a29d7cddbe89d5b983dd0286aaa532e785af356cc8d88b645deeb0251fed/

Threat name:

Win32.Trojan.Mucc

Status:

Malicious

First seen:

2021-09-15 07:16:36 UTC

AV detection:

11 of 45 (24.44%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=isu2fhl43w7itvnzqpoqfbvkuuzopbnpgvwmrwelmro65mbfd7wq._file

Verdict:

malicious

GuLoader

0dc21b62ca8b3140169ed54ed05f7324709f92266a83a60556a65e9833ba353c

GuLoader

3cbf0aeafec688023948cad7bf7475270ba9cb1acb0078cf1a9d6288f2751a20

GuLoader

41ab72f9ce1e64f569029d8b3f8c2fdf680fb75113b8d7451bc8d988cd5f6bd2

GuLoader

49de4524bd749523e1a8239eb6edecc62605ef2ed40852306795b839dec39270

GuLoader

548aefb935e11a84133bd8b3d367d988b9ad2e3bde7f4c0fffcf6a94b529be72

GuLoader

7afa7c7724abb034d3155e1e1fc1fd3f9961e56fd6119428d975d8aaee3070f9

GuLoader

c6e5156c311412210237810450648947699d1c4862536a4e86b778e899627292

GuLoader

e13745c95f7bcf403f519efbdf2ab8988f5237c20f9054d994e1e3d8ecf12784

GuLoader

+ 5'314 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:agenttesla family:guloader downloader keylogger spyware stealer trojan

Link:

https://tria.ge/reports/210915-q5a33adgfj/

Behaviour

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Checks QEMU agent file

AgentTesla Payload

AgentTesla

Guloader,Cloudeye

Unpacked files

SH256 hash:

44a9a29d7cddbe89d5b983dd0286aaa532e785af356cc8d88b645deeb0251fed

MD5 hash:

478e62ef90d2bcfa4add3b5ea1b39826

SHA1 hash:

97000b21c84ef111d1795161e34f8b616fe78ebb

Link:

https://www.unpac.me/results/cca2e8fd-d1fa-48fb-9cf0-b435c1960e5c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

AgentTesla

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/44a9a29d7cddbe89d5b983dd0286aaa532e785af356cc8d88b645deeb0251fed

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/188204/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample