MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 589e7807bdb6892eebfc6f289ef4fc072b14ea391d6f1277175bd482fcea0cda. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 589e7807bdb6892eebfc6f289ef4fc072b14ea391d6f1277175bd482fcea0cda
SHA3-384 hash: 9e5bdff991ba2f646813e393ca5fb805ba44dc52d810c32b4f084c884a9a41c63b1baf088a07e27b0169630c07687e26
SHA1 hash: 779cc9236ee7f058b89aaba72dd6bc18e95239fc
MD5 hash: f751f01dade6e585b963c635233b2da8
humanhash: beryllium-september-xray-ten
File name:shipping docs.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:135'168 bytes
First seen:2021-10-12 09:37:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0a8e5f9658f839d07c08aa4f38837bac (8 x GuLoader)
ssdeep 3072:H+K9yHFkZGAneeoTcB0BhOdnXhWZ2QLqw9mh7ObETDuvTuqZccm+Fp/rFwYUniRP:v9CG0V4Oh
Threatray 1'613 similar samples on MalwareBazaar
TLSH T1B4D3A511E5CE8D56CA0681BD0C52875BBF6A7E525CC2291B3B6D52C83FEB92172C07CE
File icon (PE):PE icon
dhash icon 1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter GovCERT_CH
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
169
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
shipping docs.exe
Verdict:
No threats detected
Analysis date:
2021-10-12 09:47:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2865f86a-f243-4bea-8492-76718b271edb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/196869/
Detection(s):
SecuriteInfo.com.Variant.Razy.961905.25482.9063.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6165577efd35fe780c3a4726/reports/a485fb08-095b-4c72-b39e-e65198fd0e9c/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e667b2e9-20bc-4be9-988d-30c34c65c2b3
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/868482
Signature
GuLoader behavior detected
Hides threads from debuggers
May check the online IP address of the machine
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/589e7807bdb6892eebfc6f289ef4fc072b14ea391d6f1277175bd482fcea0cda/
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2021-10-12 09:38:06 UTC
AV detection:
9 of 38 (23.68%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lcphqb55w2es5274n4uj55h4a4vrj2rzdvxre5yxlpkif7hkbtna._file
Verdict:
malicious
Similar samples:
2c651d61b2b359be8d015d21d59c29241c4fbee3a59a5bcbd121b54ae7ece796
GuLoader
448379f1a0a59fa0a84180351e48559c9ed7ea6875cdd525782b714a77a2fff9
GuLoader
77e58464f0ee732b3ec4b287399be40227b03889582051e56d80b04ed9a38106
GuLoader
811de8503ce4a7cc2bf23387c4841694be046c532ddee322ea8a75fbaa6d0f22
GuLoader
a6ab3a1ec39d3a4c0660bbfdbe8cbbdd89d9278cca176d7bff77d7aab00dd7ed
GuLoader
b9a9ec05af5b7ca80af675e1c9a6d1582775d1949d35b475111a8a8b32ac4a2a
GuLoader
cecab4db1eb666098828a5161c7a2c894b24f42fe7261b8231e766e1ce9a0794
GuLoader
d1a3f5513cfaf506e96e6304d259fb03f5dc23542301fc9c7335a6e921ad65f9
GuLoader
+ 1'603 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/211012-ll3lracaar/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
589e7807bdb6892eebfc6f289ef4fc072b14ea391d6f1277175bd482fcea0cda
MD5 hash:
f751f01dade6e585b963c635233b2da8
SHA1 hash:
779cc9236ee7f058b89aaba72dd6bc18e95239fc
Link:
https://www.unpac.me/results/d2044401-c736-4500-bf14-0b72b8b59e35/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/589e7807bdb6892eebfc6f289ef4fc072b14ea391d6f1277175bd482fcea0cda

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 589e7807bdb6892eebfc6f289ef4fc072b14ea391d6f1277175bd482fcea0cda

(this sample)

  
Dropped by
guloader
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/196869/

Comments