MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 537a8ea61616d62ed663a41078e2709f21698036d90668961ba6ebd16db08b86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 537a8ea61616d62ed663a41078e2709f21698036d90668961ba6ebd16db08b86
SHA3-384 hash: 6b98dd3ad5ba41f4729004a6e60e72526f8d88977f4f2eedd5180321a2a6ea64022db04bed07e23d566cd22a48613419
SHA1 hash: 51e50ba440f47f8eec7f041c80bea408549f4ae8
MD5 hash: ecc5855fdc2946ff4b5c3146a13b1db5
humanhash: wolfram-lactose-three-grey
File name:SecuriteInfo.com.Trojan.VbCrypt.1790.12153.15006
Download: download sample
Signature GuLoader
Create hunting rule
File size:40'960 bytes
First seen:2020-09-30 09:51:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 24c7f2021b67952b599ea38574c9f95c (6 x GuLoader, 1 x AZORult)
ssdeep 384:jXMeiRVtTy0rvVswzc60IZw+w+pnjeyYYhU564NdHmsn6cgyg/SoKyDiTb3:jXMeb8tPll57YhNdHmc6cgJ//9un
Threatray 2'054 similar samples on MalwareBazaar
TLSH F403491FF1B547E2E2684BBD192382A4404B3C30FB05894FFAC7771E2C75645EAE2266
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
159
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/67059/
Detection(s):
SecuriteInfo.com.Trojan.VbCrypt.1790.12153.15006.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Unauthorized injection to a recently created process
DNS request
Sending a custom TCP request
Creating a file
Deleting a recently created file
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/478159
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Contains functionality to hide a thread from the debugger
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/537a8ea61616d62ed663a41078e2709f21698036d90668961ba6ebd16db08b86/
Threat name:
Win32.Infostealer.PonyStealer
Create hunting rule
Status:
Malicious
First seen:
2020-09-29 20:54:15 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kn5i5jqwc3lc5vtduqihrytqt4qwtabw3edgrfq3u3v5c3nqroda._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1289d591984de5325235e57987ab171b4ae3f9d55baf3476087677805922427f
GuLoader
3b6460bb14fdce88ab8ec80e5cbfecbb15bbc09de1e75c51246d1c670925b340
GuLoader
50eb8b54c87303301b6614c07195bef8121ab2f99685ced448b915f9e6f0fc15
GuLoader
63db179f245a255319a3e4e4b4463e35803e651fa2041f329076d60033c6d51c
GuLoader
6964c8791bbf63ce0cf1dac7e62486fd3398d16c72774904fd3a7ca4f3957fff
GuLoader
784d9c10d108190a9e18b3d5756404a3e63fd728abd648225cbbf80c4f78fe76
GuLoader
99d07b0682434235023da65216efdcc624d66c436e80745614315d4c68e8735f
GuLoader
c8e91120db97c2cc33d799fb33cefcb6e199cb68c824500f22ec8fc1736a90b4
GuLoader
d29fa6e0fa83a4332afc39315b3961e609bddc91c1b60590c82b009d20cd9f3a
GuLoader
e05f05fb070ab182f3f8daadedde9b58ba9ab1c9bf0dd66bd2e8a5a9ac63f479
GuLoader
+ 2'044 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/200930-5qfkwbtrtn/
Behaviour
Modifies system certificate store
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
537a8ea61616d62ed663a41078e2709f21698036d90668961ba6ebd16db08b86
MD5 hash:
ecc5855fdc2946ff4b5c3146a13b1db5
SHA1 hash:
51e50ba440f47f8eec7f041c80bea408549f4ae8
Link:
https://www.unpac.me/results/1a25aca2-ff98-471e-b88f-da5c7fc8105e/
SH256 hash:
49b04162c412105ab0857de16713724cbf3234a0b6ba51f3a5286312633f20c3
MD5 hash:
1f1b425190b2fb0396ad2d538b1060ba
SHA1 hash:
413f98641d46fdcabfcaf64f29495667de6282ea
Link:
https://www.unpac.me/results/1a25aca2-ff98-471e-b88f-da5c7fc8105e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/537a8ea61616d62ed663a41078e2709f21698036d90668961ba6ebd16db08b86

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 537a8ea61616d62ed663a41078e2709f21698036d90668961ba6ebd16db08b86

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/67059/
  
URLhaus
https://urlhaus.abuse.ch/url/627280/
  
Delivery method
Distributed via web download

Comments