MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 481ae31fc50f76bc07d6b4296824d4e0c52ade89821f1317cb461e31cc8c1443. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 481ae31fc50f76bc07d6b4296824d4e0c52ade89821f1317cb461e31cc8c1443
SHA3-384 hash: ce6b3afc1bacfb23c7f0ca6e09325239977a012b71158880551bad061c3296602555d2b2ff7847850ac3def5c1494b77
SHA1 hash: 00afb2c08a01dcd6ce7e70fb08d9f8e985c82797
MD5 hash: fed2f9fb304dbc336b0c87769fb3fbfa
humanhash: pennsylvania-don-carolina-quebec
File name:fed2f9fb304dbc336b0c87769fb3fbfa.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:53'248 bytes
First seen:2021-02-04 12:19:03 UTC
Last seen:2021-02-04 13:47:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 62ac15c1caf19b6bc30ffeb951879a6b (1 x GuLoader)
ssdeep 768:dtF3ni+nxpVsYJ5sYbHA5qAZvBOKiGiMm4C9P9NhjaRae/Bs:d7NxpaY5rI29NYRl/W
Threatray 4'799 similar samples on MalwareBazaar
TLSH 8133D43DB8D080B7C00376761B1693B944126EFF0934890B2825761E7AB568E79DFF6B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://www.mthmscholarship.com/bin_EUMBZrBa182.bin
http://103.141.138.118/bin_EUMBZrBa182.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
178
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Order 34.xlsx
Verdict:
Malicious activity
Analysis date:
2021-02-04 07:07:10 UTC
Tags:
encrypted trojan opendir exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/16a89f9d-7ede-470f-992d-3f600e051ce1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Guloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/115619/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.45676942.15827.27060.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/599168
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/481ae31fc50f76bc07d6b4296824d4e0c52ade89821f1317cb461e31cc8c1443/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-02-04 11:43:50 UTC
AV detection:
24 of 47 (51.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=janogh6fb53lyb6wwquwqjgu4dcsvxujqiprgf6liypddtemcrbq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08954829f50d1aade435fefd5e50e2aee86283ab378a54243892152eded51db8
GuLoader
1004b3957abb87dd5bd6a77a0b65930f32bb27a7121a10715ac8ca170619b024
GuLoader
5cc02aecb164556410cb88cf8c73dfeb17bef152c767b7283ab6a7c8c18be60b
GuLoader
98af60250a9e0cedaa66f04fe39c412bd0007855255547df68f5da46686c9ced
GuLoader
c884dcf4fa00359eeb51ead67cd41d9a68b71f09e3588f03456244eddaa36fa0
GuLoader
d11cef47f0e97409844b3bc448cfabcfd7f97a4289012ba50e4b7175f5f4c870
GuLoader
df8a22b84b09a0871f6823edb9a826bab424c3e518b18a51e49e7ce1c311ca9a
GuLoader
dffc2ea9e2d70e83228e7e109b0e9c4f490df7c513ed32f3dd58fb4a3d5a4cab
GuLoader
edc7cf96821b2ba673f3a1df6c3cb50057cb0637259d2905279aae1630794cf9
GuLoader
f916b2daa9c47caa84bdab905de961a60ebb0f4fbcb3b3311eb429b7dcbaed8a
GuLoader
+ 4'789 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210204-xjw2rjy6re/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
481ae31fc50f76bc07d6b4296824d4e0c52ade89821f1317cb461e31cc8c1443
MD5 hash:
fed2f9fb304dbc336b0c87769fb3fbfa
SHA1 hash:
00afb2c08a01dcd6ce7e70fb08d9f8e985c82797
Link:
https://www.unpac.me/results/d6b58ab7-a1ae-44a1-9dec-58e759438258/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/481ae31fc50f76bc07d6b4296824d4e0c52ade89821f1317cb461e31cc8c1443

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 481ae31fc50f76bc07d6b4296824d4e0c52ade89821f1317cb461e31cc8c1443

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/990084/
Cape
Cape
https://www.capesandbox.com/analysis/115619/
  
URLhaus
https://urlhaus.abuse.ch/url/983053/
  
Delivery method
Distributed via web download

Comments