MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4709918939b87a9c054e217770dc158f33c7446815b548d5dabd4a6b138b61b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	4709918939b87a9c054e217770dc158f33c7446815b548d5dabd4a6b138b61b8
SHA3-384 hash:	61fb93bbbc677fd485cac2b5fba2166228c8df4866d828e5aa4bcbd5b8c1dfd3af1c13b3628d16ce96cf7e07643b7371
SHA1 hash:	db83e46797695494b124effe9e8c8353ce6d22d8
MD5 hash:	bd8c3488feafc12ccdfbfbbfe8d49d29
humanhash:	delaware-comet-uncle-april
File name:	4709918939b87a9c054e217770dc158f33c7446815b548d5dabd4a6b138b61b8
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	205'960 bytes
First seen:	2022-09-08 10:16:01 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6e7f9a29f2c85394521a08b9f31f6275 (278 x GuLoader, 44 x RemcosRAT, 40 x VIPKeylogger)
ssdeep	3072:iNRCywDw1DiJkuI6ESbLXA2k33haF4pgxiwtcZ2l5+XKX8a0p2Yl3h+EMaSEXYvo:iT4Dt8yLQ/wF4N0o2l5xX8Fp2Yl3BZ4o
Threatray	4'133 similar samples on MalwareBazaar
TLSH	T1F21402106734D563D87216356839AB7F7EBA65316D306D0B03423608BDF27E2DA2F399
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	64ccc4d4e8e0d4cc (6 x Formbook, 5 x AgentTesla, 2 x GuLoader)
Reporter	adrian__luca
Tags:	exe GuLoader signed

Code Signing Certificate

Organisation:	Stanny Thespiskrre Aandsfortrende
Issuer:	Stanny Thespiskrre Aandsfortrende
Algorithm:	sha256WithRSAEncryption
Valid from:	2022-01-17T11:07:08Z
Valid to:	2025-01-16T11:07:08Z
Serial number:	0b97f21f372f826b
Thumbprint Algorithm:	SHA256
Thumbprint:	f0b6af1f6623acd12cfeed4102239fcc3a20e388fb95c3d272539109db5e462a
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

313

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

guloader

ID:

File name:

4709918939b87a9c054e217770dc158f33c7446815b548d5dabd4a6b138b61b8

Verdict:

Malicious activity

Analysis date:

2022-09-08 10:15:28 UTC

Tags:

guloader

Link:

https://app.any.run/tasks/24700606-7529-46d3-a67e-20bef602bb96

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/308727/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.61241031.28478.19386.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Creating a window

Creating a file

Delayed reading of the file

Creating a file in the %temp% subdirectories

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/37058/overview

Behaviour

MalwareBazaar

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/6319c0e7d94ccae4108513da/reports/b39d6001-25e1-459a-b970-595f5b67965a/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/09ddabc3-46c4-42d5-903b-dcecd2171445

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1067026

Signature

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected GuLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4709918939b87a9c054e217770dc158f33c7446815b548d5dabd4a6b138b61b8/

Threat name:

Win32.Trojan.Guloader

Status:

Malicious

First seen:

2022-08-10 06:00:52 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

19 of 26 (73.08%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=i4ezdcjzxb5jybkoef3xbxavr4z4ordicw2urvo2xvfgwe4lmg4a._file

Verdict:

malicious

GuLoader

12f7ffd93e0af380b2fe64c1477afcf876ae1449dcc197d71da381873bfbb439

GuLoader

3c167530a131f9dc899b73b9eac971b38e44d41cf291893fde8e575602c2b846

GuLoader

87a0e76ffaebb434696dff4449ad27f6912937899749b7d8eb3b623615176a78

GuLoader

bf0c11eae9de14227141901dffc7bdbd1ecb9b0a2cb1e675f7d36ce5eff0679e

GuLoader

d09cb69744c809f1e48fda7e9ab5623852a42fc6f2cf79547ecc3329871e84ca

GuLoader

df008aace52827a15e0dbf8e6eb1f4febdd6fafcdbcbafe16ff27b7526594be0

GuLoader

f3b3bf03f311300ba76f4de3376ff21b3b1971ccbc90e24638ab15c2b42ef79b

GuLoader

f3c2f58838f82805e8b2fad088523958db89bc6c34b1e27760f881d8d1bcc36e

GuLoader

f783fddd213ea27df398d887e7dadecc3ff7a60f4dff68254581a1d2c02a8291

GuLoader

+ 4'123 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery

Link:

https://tria.ge/reports/220908-mavbnsece9/

Behaviour

Enumerates physical storage devices

Drops file in Windows directory

Checks installed software on the system

Loads dropped DLL

Unpacked files

SH256 hash:

7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

MD5 hash:

564bb0373067e1785cba7e4c24aab4bf

SHA1 hash:

7c9416a01d821b10b2eef97b80899d24014d6fc1

Link:

https://www.unpac.me/results/c9e44845-6a51-4483-867b-52b0f1a97466/

SH256 hash:

47b189b13d2dd739064bfde1bdd815eb6691bf336443a084078c7b66fc29eb22

MD5 hash:

744ad76efe0ca6249823b07639209dc2

SHA1 hash:

29214eb322d19fe9ceee62002849e35a2aa6b48e

Link:

https://www.unpac.me/results/c9e44845-6a51-4483-867b-52b0f1a97466/

SH256 hash:

4709918939b87a9c054e217770dc158f33c7446815b548d5dabd4a6b138b61b8

MD5 hash:

bd8c3488feafc12ccdfbfbbfe8d49d29

SHA1 hash:

db83e46797695494b124effe9e8c8353ce6d22d8

Link:

https://www.unpac.me/results/c9e44845-6a51-4483-867b-52b0f1a97466/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.27

Link:

https://yomi.yoroi.company/submissions/4709918939b87a9c054e217770dc158f33c7446815b548d5dabd4a6b138b61b8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/308727/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample