MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f6b4079a3f1b56421cbca34d112ba6a867ff8a6bd706010bfe931ac6d635361. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f6b4079a3f1b56421cbca34d112ba6a867ff8a6bd706010bfe931ac6d635361
SHA3-384 hash: 367df315a9790049cd61eb18a943a69945b7cf806980abfd2c51c53516361d286555be65ffa76b027ae9c27907c3682b
SHA1 hash: 37968cade61e54ce0c4ec24e83c35fadd583019f
MD5 hash: 196b3c910b8d74c5916029f6eb037d5d
humanhash: north-april-bravo-winter
File name:196b3c910b8d74c5916029f6eb037d5d.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:147'456 bytes
First seen:2021-06-09 06:47:55 UTC
Last seen:2021-06-09 09:46:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9b8686288ab82fdbf8ede30bc55c83b7 (4 x GuLoader)
ssdeep 1536:IFXJHkDZ+2HdXrK5feyoSP+6a3bQQ6GaXSt4lY5YGw12IjqQRsk:CJiUEXrKIIPcl6o4lBGw12IuMsk
Threatray 684 similar samples on MalwareBazaar
TLSH 6AE33E21BA21E123E44590B4FE55D7DEA4013F721E9F9D03368D3F5A503E3CBAAB1A16
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://mail.gryph.com.au/main/Loader_XclRlqyg39.bin
https://tough-guy.xyz/back/Loader_XclRlqyg39.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
288
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Guloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/165554/
Detection(s):
SecuriteInfo.com.Variant.Jaik.46242.20553.1442.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/799356
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4f6b4079a3f1b56421cbca34d112ba6a867ff8a6bd706010bfe931ac6d635361/
Threat name:
Win32.Trojan.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2021-06-09 06:48:10 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=j5vua6nd6g2wiiolzi2ncev2nkdh76fgxvygaef75ey2y3ldknqq._file
Verdict:
unknown
Similar samples:
138c7976b6b5a29a4569f5018d6b925548a9a424fe3a48293f8a1522ba639afc
GuLoader
27b805e1ceddb91ebec39349aa21ea5619c84e4c6ef3eb439b8156d66813e13e
GuLoader
70b3e86ab4bda10e5ccb441fb356f193ee69f709b9d827b8f1bfd0077a64316e
GuLoader
7d02ae5ae3ed3b7a13ff5495174216ea3195764d7154b8e9b4997c74fd08fb09
GuLoader
9d74a45140396715c309ac076839d0abf83ad6e55a4c8fa6cdf6e9cb4dec8cf6
GuLoader
a6a213e9e6ed1f8e1a318c3bd1a8c1676ddb707c33a44008699cb37adf6d552b
GuLoader
d0c571182eb67023db9b2f8c440dfc76488b23ea51819de40bbeca16fbb9322e
GuLoader
d145458cdc385c244881e7cc9e5a2ec27966eb5de70c601f79449ecddfd90fd0
GuLoader
d4d5cdb9d12362b131de0348342451afd270d320e57cd956991945a61d2013f6
GuLoader
e03bbbeaae0ac8eec422f94d9bf960cf975e54d41059cca1118c6a06672ea364
GuLoader
+ 674 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210609-d594sk36ne/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://mail.gryph.com.au/main/Loader_XclRlqyg39.bin
https://tough-guy.xyz/back/Loader_XclRlqyg39.bin
Unpacked files
SH256 hash:
4f6b4079a3f1b56421cbca34d112ba6a867ff8a6bd706010bfe931ac6d635361
MD5 hash:
196b3c910b8d74c5916029f6eb037d5d
SHA1 hash:
37968cade61e54ce0c4ec24e83c35fadd583019f
Link:
https://www.unpac.me/results/1f653cbf-7d10-4fb3-819c-3599d6ff4b9f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/4f6b4079a3f1b56421cbca34d112ba6a867ff8a6bd706010bfe931ac6d635361

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 4f6b4079a3f1b56421cbca34d112ba6a867ff8a6bd706010bfe931ac6d635361

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1344208/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/165554/

Comments