MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55703ed5643143dc84f5c746c712a56e46c8c6cdb18456eaf46e6c6f085d92b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55703ed5643143dc84f5c746c712a56e46c8c6cdb18456eaf46e6c6f085d92b7
SHA3-384 hash: 6d1df9ecd1c228631db8aaf2d2f4b72f98db91d8ee07583b23705ff56f59dbe5554bba77e43b12438017a9823e2fc15c
SHA1 hash: 6210e25dfe9b29f1c1fae67f0322eb053b550655
MD5 hash: 77524c29c945b7e183c67e2b7a14950d
humanhash: alpha-video-aspen-utah
File name:801702021.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:135'168 bytes
First seen:2021-08-17 14:09:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 37e215a56c837657c68542780cbce344 (2 x GuLoader, 1 x RemcosRAT)
ssdeep 3072:R+CD40KugPox1B70qTfRSlO9ts42CvASp+2H8UedH:R+E40J8BqTJSAPs42CvzpFch
Threatray 5'344 similar samples on MalwareBazaar
TLSH T1B9D3CFE1B0E79D63E6A106710538D2E493D3F91986214F0BBF7DCEFA993BA404CC2569
Reporter abuse_ch
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
242
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
801702021.exe
Verdict:
No threats detected
Analysis date:
2021-08-17 14:35:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/da3de4c7-5350-4c29-aafe-1e37d4ee4f9e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/180086/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.27630.24928.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6a56bb07-3ac0-411d-b97a-6235dff8eb74
Result
Threat name:
GuLoader Remcos
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/834446
Signature
C2 URLs / IPs found in malware configuration
Creates autostart registry keys with suspicious values (likely registry only malware)
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected Remcos RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55703ed5643143dc84f5c746c712a56e46c8c6cdb18456eaf46e6c6f085d92b7/
Threat name:
Win32.Trojan.Mucc
Create hunting rule
Status:
Malicious
First seen:
2021-08-17 11:03:43 UTC
AV detection:
11 of 27 (40.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kvyd5vlegfb5zbhvy5dmoevfnzdmrrwnwgcfn2xunzwg6cc5sk3q._file
Verdict:
suspicious
Similar samples:
447a0d8244572bcab27cab7d54e43ac0cd4724073d6b9deb381c78d32a97b418
GuLoader
6744f6083b8e8c5fca03f50101223d6125db7a1aebeb9de0e87c9e67441e8a53
GuLoader
71756ea23acdd988833bafc579a81eb54341f13f6657fed3aedce37a4d9606ea
GuLoader
8a714868cf6bea9d1a01154cc98fa33abbe75350f06cf26d31538ed0aba6a808
GuLoader
952c1bc7773c529d609f5eac3d5268274cec23eb495ca6ce78a866a73f96aa24
GuLoader
97fee7e2c533d7ad3854cd92d9d2dbcddeb3b08e3e0cb14214b431d3970cda45
GuLoader
d9040bf8ad755cd41dc6266c0e0049f4bac0eaa23f18a26931357fe21c719701
GuLoader
fc55920200c36ee47942792a3be6e7f8b00e46fd83ae7bcd826fd32e547836ef
GuLoader
ff1b034c7060724133c6df0aa8cf5411ec0e6775d3aca83a127617340a8c588a
GuLoader
+ 5'334 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210817-jpkphywk22/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
55703ed5643143dc84f5c746c712a56e46c8c6cdb18456eaf46e6c6f085d92b7
MD5 hash:
77524c29c945b7e183c67e2b7a14950d
SHA1 hash:
6210e25dfe9b29f1c1fae67f0322eb053b550655
Link:
https://www.unpac.me/results/622256ee-8d36-4a53-93eb-ec261a007015/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/55703ed5643143dc84f5c746c712a56e46c8c6cdb18456eaf46e6c6f085d92b7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 55703ed5643143dc84f5c746c712a56e46c8c6cdb18456eaf46e6c6f085d92b7

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/180086/

Comments