MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 552db26bdd2347a216bb88e706ebf2bc9a145c8a5d38d082c53dcdd2f344c162. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 552db26bdd2347a216bb88e706ebf2bc9a145c8a5d38d082c53dcdd2f344c162
SHA3-384 hash: 988ce3bb2c4f223a61500a7da871834be665c701b1f2a430727b53d5fb33d1b7f3043ecd0f69dc792489f1eea300453f
SHA1 hash: 4874e705a0a075997da7d7bd8cf6f8608376600a
MD5 hash: 37ecfc300780ade05b85fc969675e415
humanhash: robert-idaho-kansas-whiskey
File name:BANK DETAILS.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2021-08-03 14:40:41 UTC
Last seen:2021-08-04 06:15:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b28b105866cd7f6746798ef93a2371be (3 x GuLoader)
ssdeep 1536:UMxYU0ZIKPzkNY55AngpUS9UjoAXQXlIKUc3tsVHmwL+:lxYU0Z5PzYY557ORAVIxcKu
Threatray 374 similar samples on MalwareBazaar
TLSH T165B34DD1AE709C49D44FC275953DD7AAC5067E318070BAF3A74E3F2674B52D2F2A0A82
dhash icon 7472ede4d0c0f8e8 (3 x GuLoader)
Reporter abuse_ch
Tags:bat exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
255
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
BANK DETAILS.bat
Verdict:
No threats detected
Analysis date:
2021-08-03 14:44:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f453b9ed-04df-4079-bcb4-95bf0ede27cc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/176083/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.12849.19491.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7f64787e-5e26-4c90-938b-3b8fd9e13e50
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/826267
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/552db26bdd2347a216bb88e706ebf2bc9a145c8a5d38d082c53dcdd2f344c162/
Threat name:
Win32.Trojan.Mucc
Create hunting rule
Status:
Malicious
First seen:
2021-08-03 14:41:10 UTC
AV detection:
7 of 46 (15.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kuw3e265end2efv3rdtqn27sxsnbixeklu4nbawfhxg5f42eyfra._file
Verdict:
unknown
Similar samples:
0227a18d51d1cb1aa73f6df961aad10fddb22bc9894d482c7963b4b7a96cac0b
GuLoader
43577416dc0880ec7dbcd526eb16585f68ff51157a28ca0f3452c3a02d3ab5ce
GuLoader
45ef818cc35cb90f9f75ace1a8fccb8f56ba67805685f77ef74a81e8536d011a
GuLoader
552db26bdd2347a216bb88e706ebf2bc9a145c8a5d38d082c53dcdd2f344c162
GuLoader
580a18b16318da94712bc81bde2bfc83c0871063b13638fdff09b82fac75e304
GuLoader
58faef99e4fcfd4f1b48907d4dcc145c0aa1013e43d938abd7a164ff46104975
GuLoader
982b5ddadf32cdfb897429949320fd4cc6261fedd853bbcf8da6b628022dd0a5
GuLoader
ae47d3e10a58e5629d36dd9b30b00ce3a1e5a4ddd290feda9ae1649fa5b60781
GuLoader
f629bb2b409e1e3c11f186ebd357480f5c7a6685383a2c2dbcd0583b5723c226
GuLoader
+ 364 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210803-v6n7brrc9e/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
552db26bdd2347a216bb88e706ebf2bc9a145c8a5d38d082c53dcdd2f344c162
MD5 hash:
37ecfc300780ade05b85fc969675e415
SHA1 hash:
4874e705a0a075997da7d7bd8cf6f8608376600a
Link:
https://www.unpac.me/results/0c89079d-d2a6-4402-b3db-1d574f156091/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/552db26bdd2347a216bb88e706ebf2bc9a145c8a5d38d082c53dcdd2f344c162

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 552db26bdd2347a216bb88e706ebf2bc9a145c8a5d38d082c53dcdd2f344c162

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/176083/

Comments