MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53af864a01c69b9c7c84f3c8c5de7443beb8b72be265754399b9d868f940b524. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 53af864a01c69b9c7c84f3c8c5de7443beb8b72be265754399b9d868f940b524
SHA3-384 hash: fd6fcea365f537515a8496b4e536600753ecbf4c6ccf464f7b92a5b724e9e65ba6fa9390ed4979d929f7ad0299cac513
SHA1 hash: dbd09fba4817075d359e7de6154bc3d1f22a43ea
MD5 hash: b2d4a64fc8735a2f23626a1c7b0011af
humanhash: virginia-violet-comet-red
File name:b2d4a64fc8735a2f23626a1c7b0011af.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:159'744 bytes
First seen:2021-07-09 18:33:17 UTC
Last seen:2021-07-09 19:47:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 872b47fc56f8007e7a5f75ea140af73b (2 x GuLoader)
ssdeep 1536:bgZJyj6gpYGJf+XzryWglSYklkLfGdZs4Q+FA8lF1ccb1BEkcvWOaEzBKcMSTg:SIjkGJf+XqfZklkUNi+1ccbRcOE8cMS
Threatray 61 similar samples on MalwareBazaar
TLSH T188F3EA6A3249B02CE63740B01B2656687EDE6C717B52E666D3C1E21E36BF310C379637
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1K3Lip-xPNH1vgPtUkUIRcsaIqcD6BHqT

Intelligence

File Origin
# of uploads :
2
# of downloads :
220
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b2d4a64fc8735a2f23626a1c7b0011af.exe
Verdict:
No threats detected
Analysis date:
2021-07-09 18:47:31 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9425caf7-3494-45ed-80c7-6741800fd95e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/170729/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37210622.7960.5834.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1e6d27eb-cc5b-4e6f-8979-3cacf6aea2d8
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/814176
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/53af864a01c69b9c7c84f3c8c5de7443beb8b72be265754399b9d868f940b524/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-07-08 23:03:10 UTC
AV detection:
6 of 29 (20.69%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=koxymsqby2nzy7ee6pemlxtuio7lrnzl4jsxkq4zxhmgr6kawusa._file
Verdict:
unknown
Similar samples:
10fb1047794d9a933f644978c5bfe1eb5dd2d66b87489823f69ca414d2688537
GuLoader
1e2f8b1c2f4e6ee0cac6fe9dea22e3a1f5bb339136dfda2a2c9168b930e5f070
GuLoader
396cd643a11eec8640903259beefafd56fb24d9d14d99d8fe5d86c01ff8b2741
GuLoader
3dd1a3c527b49134a0241485d8df32b7eb625dd68f52bcc6597002956d6b70d4
GuLoader
4aeeacd6a9c14a9c0de9c89d4264cd72973b416a0704b44977d9ea399bbfb181
GuLoader
4fe68ecc976811b7c7acfd841f0746446f97e271b40819e93a35b17788767f9f
GuLoader
53180a35165cd2b407bee274b9872b94f849e73c7b42dbd9370eecf0f4cc00e8
GuLoader
65b26141d162b4b392d2b18c07056bda8aadb778445f3fae73c9e75d6b639ecc
GuLoader
84dbd0307393393c010f6fe5a29e57aa81e1a9d31f30cf9f6f31f185b0d1ee96
GuLoader
8560db7181c690430d6f38f8b3675e881dcba44904fac74f15a0df136dfa8251
GuLoader
+ 51 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210709-kykz6kk9rx/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://drive.google.com/uc?export=download&id=1K3Lip-xPNH1vgPtUkUIRcsaIqcD6BHqT
Unpacked files
SH256 hash:
53af864a01c69b9c7c84f3c8c5de7443beb8b72be265754399b9d868f940b524
MD5 hash:
b2d4a64fc8735a2f23626a1c7b0011af
SHA1 hash:
dbd09fba4817075d359e7de6154bc3d1f22a43ea
Link:
https://www.unpac.me/results/1b04cd64-6763-45ae-9341-95775ab5ce49/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/53af864a01c69b9c7c84f3c8c5de7443beb8b72be265754399b9d868f940b524

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 53af864a01c69b9c7c84f3c8c5de7443beb8b72be265754399b9d868f940b524

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1438345/
  
URLhaus
https://urlhaus.abuse.ch/url/1436656/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/170729/

Comments