MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5445447afbc7e74f9a827b122e1b38c4cb9715ec3dfc5bbfbf4805759bfc6eac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5445447afbc7e74f9a827b122e1b38c4cb9715ec3dfc5bbfbf4805759bfc6eac
SHA3-384 hash: a3dca0a18f2848af7f1939aef6920a60ab928debeb29f70433fa667ed12c9c501d439f39165338ce37efb093e38658db
SHA1 hash: 451cb1fc62f9fcd4d6f5e8b187404d278f21c65e
MD5 hash: ab19307ba349239ed32f7ec471c882e6
humanhash: robin-red-magnesium-carpet
File name:ab19307ba349239ed32f7ec471c882e6.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:147'456 bytes
First seen:2021-06-15 09:54:45 UTC
Last seen:2021-06-15 10:52:45 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2c08d8f9644132654eb702b279083d5c (6 x GuLoader)
ssdeep 1536:+zg1+OOZDPJGMpTzmqEDAoZH0J4oJCEw3dceV1h7nSH2:AOOZrJGM5q1DAoZi4oY3dccY2
Threatray 1'044 similar samples on MalwareBazaar
TLSH 79E39336F643A104F9529070FC159AFE79146F316C478D0BB6F2BB0D61B5ED7BAA0602
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://theater.expodium.net/wp-content/plugins/m/Host_AvQmpG228.bin
https://meatflesh.com/b/Host_AvQmpG228.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
235
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ab19307ba349239ed32f7ec471c882e6.exe
Verdict:
No threats detected
Analysis date:
2021-06-15 09:57:00 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b8f3c6ce-4667-41d6-b965-4a5accfd17b5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/166442/
Detection(s):
SecuriteInfo.com.Variant.Graftor.963667.9647.9127.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cf3e0e39-1a1a-4008-9a58-407dcba5c484
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/802289
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5445447afbc7e74f9a827b122e1b38c4cb9715ec3dfc5bbfbf4805759bfc6eac/
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2021-06-15 09:55:19 UTC
AV detection:
22 of 27 (81.48%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=krcui6x3y7tu7gucpmjc4gzyytfzofpmhx6fxp57jacxlg74n2wa._file
Verdict:
suspicious
Similar samples:
1ca3cfc63c029b0d6a0d312cac86c5dc77e9efe86dd711a08e1f25d0ec62c366
GuLoader
29a4c9380a91012be5a2b3659f9a4c46d0eca15c689a95707f78ccde9cd11f02
GuLoader
49b1f7e34f74b3ea4b97852292dfd6e856a58f74a181f5a3aadd6356503ae617
GuLoader
53174a644680154786d09b66cc8c4a1aa83c625bd10137600bf191573fa5c602
GuLoader
5c32fd3de4bce60a2529cebc5f47b8a1562ea9bd22549f829b22b0533b32f79b
GuLoader
686b8fac1748af72f6e0a35af456c7f473de446ba5df5430411c9ffd4c8943a0
GuLoader
6bc635e6ac09b880a389ddf37ceaae81cb38fd81b3966ca1656b65c7d0f4d8fd
GuLoader
a6c456dcee9a9c53aeb0360bdb52a682137745ad9ec607fce1199e24cd348ee5
GuLoader
cf62a78fa8483a391861a1eb56322cc8fd9ccecca90629398ec54ed62af6114c
GuLoader
d171f74f5d0cb8a469db9262869b3798ae0ed18098b4017207ff7f6e69fcd07a
GuLoader
+ 1'034 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210615-c6k56ex4ex/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
http://theater.expodium.net/wp-content/plugins/m/Host_AvQmpG228.bin
https://meatflesh.com/b/Host_AvQmpG228.bin
Unpacked files
SH256 hash:
5445447afbc7e74f9a827b122e1b38c4cb9715ec3dfc5bbfbf4805759bfc6eac
MD5 hash:
ab19307ba349239ed32f7ec471c882e6
SHA1 hash:
451cb1fc62f9fcd4d6f5e8b187404d278f21c65e
Link:
https://www.unpac.me/results/07769c1a-b9b7-430f-8edd-deb60b8e21fa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
GuLoader
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5445447afbc7e74f9a827b122e1b38c4cb9715ec3dfc5bbfbf4805759bfc6eac

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 5445447afbc7e74f9a827b122e1b38c4cb9715ec3dfc5bbfbf4805759bfc6eac

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1368360/
Cape
Cape
https://www.capesandbox.com/analysis/166442/
  
URLhaus
https://urlhaus.abuse.ch/url/1364978/
  
Delivery method
Distributed via web download

Comments