MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5202c86ff05c916da27a70ed912bd5310473d337747f1b38e475fa1e7e6310c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	5202c86ff05c916da27a70ed912bd5310473d337747f1b38e475fa1e7e6310c4
SHA3-384 hash:	ebbcdefd353876be86c76f8088263c34745dd48fb91bccd24c882bfaeda95b53811c6b60d9268dfcd4353200a62fc65b
SHA1 hash:	367d7ff4341093b7213c892b6fa8607e0f3b4275
MD5 hash:	5886bd18cc0a3e35a30e79dfc0d4f73d
humanhash:	oregon-bulldog-robin-romeo
File name:	jinsung trading.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	101'712 bytes
First seen:	2021-09-09 01:05:41 UTC
Last seen:	2021-09-09 02:25:51 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	000ed791bfecbc3bb69fb230428c55f9 (8 x GuLoader)
ssdeep	1536:ODtx/vU8iy38pRpZvHBw1w8CVcjE7jbq1LKDOeM:O//vqA8FZv9XyLKyeM
Threatray	5'436 similar samples on MalwareBazaar
TLSH	T1FDA38EB2288D5CC1EA4AF1FAA479576D0912EDE314DD4A4B7EC39A3C184B7D0FDA3448
dhash icon	f87ececececece0c (10 x GuLoader)
Reporter	Anonymous
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

146

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

SMENG.exe

Verdict:

No threats detected

Analysis date:

2021-09-08 22:56:05 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/39592b21-3d47-4726-bc88-1fb5ab2ae40a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/186468/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.25121.5340.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a custom TCP request

Sending a UDP request

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/c0d43908-6554-42e9-84d6-16fc178083ea

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad.spyw

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/847749

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

GuLoader behavior detected

Hides threads from debuggers

Multi AV Scanner detection for submitted file

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to steal Mail credentials (via file access)

Yara detected GuLoader

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5202c86ff05c916da27a70ed912bd5310473d337747f1b38e475fa1e7e6310c4/

Threat name:

Win32.Trojan.VBObfuse

Status:

Malicious

First seen:

2021-09-09 01:06:07 UTC

AV detection:

10 of 45 (22.22%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

47c4518661a80adc00b208c24ba1726bd1074360eec4c2e3d265f6c412f745f9

48a9a59f8f5afdc2bbf18d636f058d32538336577487cdbba99f6b63e367dbb6

7754406e305f40d2a17def7c7d64ed01e3911f18368e36e64b90af21c48a91c4

81462d560b4bf3660bc4eb2c57b827c7e09dea12f4d590ed05880c3d0fc560cb

8eea0ae9eab289a6827156361ffad7987cebe3429422ba07724fa6921a47b2d0

b923011216d37106f2f497f12097ecd3412caca89edee1a49e8090b94344a310

d54cafc1ca36d0ddd134f53d033ebbaaa490721d62d4168106a9b6c7cfa200ba

f473972f1bc6adb86928a21d4a7af08550aec0ca5c17056a95e830142a2e8f11

ff1b034c7060724133c6df0aa8cf5411ec0e6775d3aca83a127617340a8c588a

+ 5'426 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210909-bf4azsaedn/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

5202c86ff05c916da27a70ed912bd5310473d337747f1b38e475fa1e7e6310c4

MD5 hash:

5886bd18cc0a3e35a30e79dfc0d4f73d

SHA1 hash:

367d7ff4341093b7213c892b6fa8607e0f3b4275

Link:

https://www.unpac.me/results/6499e1a8-e8f6-4226-90a1-097f93ddabc2/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/5202c86ff05c916da27a70ed912bd5310473d337747f1b38e475fa1e7e6310c4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/186468/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample