MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4773c7c5c52d0163bfa32cb271399692831e00ff7e6877f0877091e111c9f063. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4773c7c5c52d0163bfa32cb271399692831e00ff7e6877f0877091e111c9f063
SHA3-384 hash: a7ca8dc8b1ac6077012bafe8cf711e55e69b7d89ba896e4cc9bebc99d85d4bc142f5505e2565b84ea6077a6a98f83745
SHA1 hash: c627061336905606c2c26b2b460ac4246fd54ca5
MD5 hash: 448f83467c61e465162daf7cf8d9e88f
humanhash: romeo-solar-whiskey-social
File name:HSBC Customer Information.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2021-09-15 05:09:44 UTC
Last seen:2021-09-15 07:17:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4d0b2c4c35fea49148bb1439759df35a (4 x GuLoader, 1 x Loki)
ssdeep 1536:5EBupM4lApP843c9C72xMDqXq39T8g9AhfIRorEjc145:g4+p04s9iGMDfl0PrEw145
TLSH T1C6C3A742E305AB19C04DFCBE6013E0F674266EBB11664ED571ACBDEB78E1A532CF4684
Reporter fabjer
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
9
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
HSBC Customer Information.exe
Verdict:
No threats detected
Analysis date:
2021-09-15 05:12:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/336114d1-96bd-47a3-9ed1-56bc9cdc4e8b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/187953/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37585152.18438.892.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/617513879a5a1e91c5d20241/reports/4def8740-07d0-46d5-88ec-4101ab0dd2b3/overview
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/16a69fd3-3cdb-4411-a8b5-5c5b7b2f379b
Result
Threat name:
GuLoader AgentTesla
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/851080
Signature
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential malicious icon found
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Yara detected AgentTesla
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/4773c7c5c52d0163bfa32cb271399692831e00ff7e6877f0877091e111c9f063/
Threat name:
Win32.Trojan.Mucc
Create hunting rule
Status:
Malicious
First seen:
2021-09-14 22:15:15 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
9 of 45 (20.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=i5z4proffuawhp5dfszhcomwskbr4ah7pzuhp4ehoci6ceoj6brq._file
Verdict:
malicious
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla family:guloader downloader keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210915-ftpf7sbhar/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent file
AgentTesla Payload
AgentTesla
Guloader,Cloudeye
Unpacked files
SH256 hash:
4773c7c5c52d0163bfa32cb271399692831e00ff7e6877f0877091e111c9f063
MD5 hash:
448f83467c61e465162daf7cf8d9e88f
SHA1 hash:
c627061336905606c2c26b2b460ac4246fd54ca5
Link:
https://www.unpac.me/results/a58e9cc4-fefa-47df-9ecd-a800c2b36327/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/4773c7c5c52d0163bfa32cb271399692831e00ff7e6877f0877091e111c9f063

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 40c16da071e7aa38cfd9e856ba7c77f8682b6cd1f49af637511e605f7d427087

GuLoader

Executable exe 4773c7c5c52d0163bfa32cb271399692831e00ff7e6877f0877091e111c9f063

(this sample)

  
Dropped by
SHA256 40c16da071e7aa38cfd9e856ba7c77f8682b6cd1f49af637511e605f7d427087
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/187953/

Comments