MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c03824650c28ea39c9ad1aa2a948e730e6bb793b531847f720ff15844008f31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	4c03824650c28ea39c9ad1aa2a948e730e6bb793b531847f720ff15844008f31
SHA3-384 hash:	56f4a39c435dbbf367442043fc8475c2c39f0eef57da8a7fc9d11731a34617d059ee22e9ea88705b5c5556fe7cc7a329
SHA1 hash:	5f32800946c8b28125ce206495f116fe3f930235
MD5 hash:	5073e758d55683960a41329ac32567c9
humanhash:	don-emma-emma-cup
File name:	ENERGOTEHNICA SRL - Oferta PGAOFV0042676.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	94'208 bytes
First seen:	2021-08-25 13:43:40 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	c30053c0cecb6f5e362eece7b268b939 (1 x GuLoader)
ssdeep	1536:GDIiqwhZfjsXaEvluYCTF9dPX2YryCNnE0K/Vx7XD:GJhTGhvlufLex/Vx7X
TLSH	T1B6937BD9E5D26CC2FC0898B6043E431CAE27B81D52955B57B999363F0FEBEC0AB93540
dhash icon	f87ececececece0c (10 x GuLoader)
Reporter	lowmal3
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

237

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

ENERGOTEHNICA_SRL_-_Oferta_PGAOFV0042676.gz

Verdict:

Suspicious activity

Analysis date:

2021-08-25 12:25:48 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/5b746903-acaf-415f-b8f5-e137ace2b9c5

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/182326/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.10902.26194.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/2178dfcd-0c1b-421c-a4f6-6169bc953143

Result

Threat name:

GuLoader Lokibot

Detection:

malicious

Classification:

troj.evad.spyw

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/839111

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

GuLoader behavior detected

Hides threads from debuggers

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to steal Mail credentials (via file access)

Yara detected GuLoader

Yara detected Lokibot

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4c03824650c28ea39c9ad1aa2a948e730e6bb793b531847f720ff15844008f31/

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2021-08-25 12:56:34 UTC

AV detection:

12 of 28 (42.86%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jqbyersqykhkhhe22gvcvfeoomhgxn4twuyyi73sb7yvqraar4yq._file

Verdict:

suspicious

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210825-g4zwaayczs/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

4c03824650c28ea39c9ad1aa2a948e730e6bb793b531847f720ff15844008f31

MD5 hash:

5073e758d55683960a41329ac32567c9

SHA1 hash:

5f32800946c8b28125ce206495f116fe3f930235

Link:

https://www.unpac.me/results/4742acad-51be-4e45-a9bf-4b660cec90dd/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/4c03824650c28ea39c9ad1aa2a948e730e6bb793b531847f720ff15844008f31

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

exe 4c03824650c28ea39c9ad1aa2a948e730e6bb793b531847f720ff15844008f31

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/182326/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample