MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ef5d20300b62654c4816aa089e9acf5fad299d6e13b12a7b6036e9ba9a6a7f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	4ef5d20300b62654c4816aa089e9acf5fad299d6e13b12a7b6036e9ba9a6a7f2
SHA3-384 hash:	a50a713250a79095f0af3820c67e5edb3f92c589e18f7004b538957e7c48d56dc0fb6b0d4e90aed6e0d56cd7620a644a
SHA1 hash:	28ca5f3fbe876a32533f3156b00c78ea433317fe
MD5 hash:	1b171c2aee46d8c98eaeb3b97e47d12d
humanhash:	pennsylvania-queen-arizona-bravo
File name:	NEW DOC_JULY_2021_653200621_IMG_JPEG_CIF_EXPORT COPY.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	106'496 bytes
First seen:	2021-07-08 13:44:28 UTC
Last seen:	2021-07-08 14:50:28 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f6e083d868a135a07d80f02d2a01fccd (4 x GuLoader)
ssdeep	1536:izbHcmSnB7uIjkKfCenvRJkHs1dc28UyYo+1KKq+umO:gANVuWkKqenvRSHsvc28UyYv1nq+o
Threatray	5'498 similar samples on MalwareBazaar
TLSH	T1A2A33813B7D1DCA9FDE446351832D19429A3BC307C538E077BC23A6E7C7865279BA21A
Reporter	Anonymous
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

184

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

NEW DOC_JULY_2021_653200621_IMG_JPEG_CIF_EXPORT COPY.exe

Verdict:

No threats detected

Analysis date:

2021-07-08 14:01:44 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/ae3c0a6f-8322-4e15-b0ec-134b9fcf5083

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/170451/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.1479.30371.UNOFFICIAL

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/e1c47313-8d03-433a-b9fe-6e53db433cb7

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/813511

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found malware configuration

Found potential dummy code loops (likely to delay analysis)

Initial sample is a PE file and has a suspicious name

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

guloader

Link:

https://mwdb.cert.pl/sample/4ef5d20300b62654c4816aa089e9acf5fad299d6e13b12a7b6036e9ba9a6a7f2/

Threat name:

Win32.Trojan.Mucc

Status:

Malicious

First seen:

2021-07-08 13:45:03 UTC

AV detection:

13 of 29 (44.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=j325eayawytfjrebnkqit2nm6x5nfgow4e5rfj5wanxjxkngu7za._file

Verdict:

suspicious

GuLoader

2a093b2213d7d589020d69e76fdfd33b441ed125664cb3247d25e9103744011c

GuLoader

30efd997c49aae97766539c72d72529b06f1e8522ea84e71758cde4ed1846921

GuLoader

559ac9a08e2263a036dc045b7ad9e9bba2b5115de42ab57d75e5e6bb168ceeb9

GuLoader

6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3

GuLoader

6f06cf7295e9301a4358854569f7d53dcf77319a94a76b45e60ebc72b88c2087

GuLoader

9435308eb1024c0e11753dc2412b9243af69d7388817e3aebc59a4a58f2ec372

GuLoader

9847005465ae681d1d9533697106492027a1d55b64b0ca1b6f2a79730a5140a4

GuLoader

a7cfc6a8e508a244063a4190921f1c91e30712838282fb20b8bcdb24b138bb9e

GuLoader

cc2739cc340e54819e37849b37727727b422a2567ab39f541108394dbe8fd98f

GuLoader

+ 5'488 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210708-yfnbjpwmhx/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Malware Config

C2 Extraction:

https://onedrive.live.com/download?cid=432DF5748EB08F05&resid=432DF5748EB08F05%21112&authkey=ADMceTysLZAqIOk

Unpacked files

SH256 hash:

4ef5d20300b62654c4816aa089e9acf5fad299d6e13b12a7b6036e9ba9a6a7f2

MD5 hash:

1b171c2aee46d8c98eaeb3b97e47d12d

SHA1 hash:

28ca5f3fbe876a32533f3156b00c78ea433317fe

Link:

https://www.unpac.me/results/e123ebcc-b88a-409f-84e8-1b3a232182bc/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/4ef5d20300b62654c4816aa089e9acf5fad299d6e13b12a7b6036e9ba9a6a7f2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

Cape

https://www.capesandbox.com/analysis/170451/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample