MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e71438e192d70fd27b4eb7c9da6ffc559619681e58c2039f095df8cf6d8475c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	4e71438e192d70fd27b4eb7c9da6ffc559619681e58c2039f095df8cf6d8475c
SHA3-384 hash:	9f577bd15f12ff03ec6cc4442583068ff42d9ff6cd67a8bf938eaffcd88c4931ff57fd8f30bd74d001e6fe76e43d9fd8
SHA1 hash:	d56aab2d3f45306d07c526ae4bde12360e305f65
MD5 hash:	f98019485da6f4cb232d6c09b8867c12
humanhash:	football-angel-hotel-alaska
File name:	snyde.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	102'400 bytes
First seen:	2021-09-16 13:13:11 UTC
Last seen:	2021-09-16 13:42:58 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	192568bbd6059cbff7dcd564f9b7c64d (6 x GuLoader)
ssdeep	1536:yzLy7ZHFFOAEf+d8vZTERl+dgpKqa8xJ0HD7AOPfELnKugGR:yXqZlFpEfM8vZToo+pKxHPA603g
Threatray	5'776 similar samples on MalwareBazaar
TLSH	T161A339033661C292C6DD86F0E4E245F1345AACC4D7C10A2FF67A3E19F9BAF1299E1E41
dhash icon	ceb2b2b2b28ffcd4 (6 x GuLoader)
Reporter	malwarelabnet
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

188

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

snyde.exe

Verdict:

No threats detected

Analysis date:

2021-09-16 13:16:03 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/1e57e516-069f-4182-9c20-4e5b479c19f5

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/188430/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.22493.29648.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/617522a99a5a1e91c5d20537/reports/bfacf739-936a-43c4-bdd6-d88df42e8de1/overview

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/d81e3af0-09fb-42d4-8cd6-fc16cd9fd4f7

Result

Threat name:

GuLoader AgentTesla

Detection:

malicious

Classification:

troj.evad.spre.spyw

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/852081

Signature

Found malware configuration

GuLoader behavior detected

Hides threads from debuggers

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Sigma detected: RegAsm connects to smtp port

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file access)

Writes to foreign memory regions

Yara detected AgentTesla

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4e71438e192d70fd27b4eb7c9da6ffc559619681e58c2039f095df8cf6d8475c/

Threat name:

Win32.Trojan.Nekark

Status:

Malicious

First seen:

2021-09-16 13:14:04 UTC

AV detection:

17 of 28 (60.71%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jzyuhdqzfvyp2j5u5n6j3jx7yvmwdfub4wgcaopqsxpyz5wyi5oa._file

Verdict:

malicious

Label(s):

cloudeye

GuLoader

6a4aa699e0c5c52be67ef44ccb37c96c9ec92879f2b0147d985a9e998816d343

GuLoader

6cbaf335b0737ddf3f782688324856ef573d1978897299461f7a43c8efeaa008

GuLoader

a6770c3060c17eea5b16f45535cf9bd85b0c00ea22123da28137c5ba83311a0b

GuLoader

da71644ee66cad527be192aefdfb9e5c70f0977d111d95e3591c8221aca1ccfc

GuLoader

fc4e44c0b91ce5f076bab43f739c4100de70423b9e867d2f34ff265e37596bd9

GuLoader

+ 5'766 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210916-qgndgsgdaj/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

4e71438e192d70fd27b4eb7c9da6ffc559619681e58c2039f095df8cf6d8475c

MD5 hash:

f98019485da6f4cb232d6c09b8867c12

SHA1 hash:

d56aab2d3f45306d07c526ae4bde12360e305f65

Link:

https://www.unpac.me/results/4907a3a8-b30b-4e59-8a08-66103802e838/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/4e71438e192d70fd27b4eb7c9da6ffc559619681e58c2039f095df8cf6d8475c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/188430/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample