MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5cc02aecb164556410cb88cf8c73dfeb17bef152c767b7283ab6a7c8c18be60b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5cc02aecb164556410cb88cf8c73dfeb17bef152c767b7283ab6a7c8c18be60b
SHA3-384 hash: f0657a59241b19931af7f7647e026012d69eef0458302ce4f1a9acaeaf7f9ce5ac7ed15c59d0cdf658e392704874757d
SHA1 hash: a6cb28e781c125c17d9cd881f227b2566073599e
MD5 hash: da7523a45d841857c64a28314b5844bd
humanhash: sad-grey-double-fillet
File name:(PI-20-03283).exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:69'632 bytes
First seen:2021-01-15 07:16:53 UTC
Last seen:2021-01-15 09:12:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c76eec294e27c64087a2fbc36ed5fe1f (2 x GuLoader)
ssdeep 768:83XcPGDSrgq1JbGMMMMMMMMmMYSp+R+96+Df/Vy6BzSLCNE6crycX:88PGu15MZ26fDfZBzVfx
Threatray 5'012 similar samples on MalwareBazaar
TLSH CF632A023C59CD67EAA589704E01B7ED42262FF01F505E0B79D87F2FAA3D7292B1512E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.epcafrica.com
Sending IP: 41.186.72.34
From: sales@alliancex.com
Subject: New Inquiry / Quotation Request
Attachment: PI-20-03283.rar (contains "(PI-20-03283).exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Dke_tqEGa6XYQhjHpthS3ctdWi1hsoIU

Intelligence

File Origin
# of uploads :
2
# of downloads :
237
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
(PI-20-03283).exe
Verdict:
No threats detected
Analysis date:
2021-01-15 07:31:15 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4ed19862-7b18-442d-8d4f-90e61720056d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/112192/
Detection(s):
SecuriteInfo.com.FileRepMalware.12785.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/582216
Signature
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5cc02aecb164556410cb88cf8c73dfeb17bef152c767b7283ab6a7c8c18be60b/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ltacv3frmrkwieglrdhyy4675ml354ksy5t3okb2w2t4rqml4yfq._file
Verdict:
unknown
Similar samples:
1fccab885b5fbfef621f85299c5c698965a415f96e1966ef278d9268cb5d921a
GuLoader
94a32b234e3acda70a26f78a56620a6aa7cf6dc21672766e38a75211e13108aa
GuLoader
98af60250a9e0cedaa66f04fe39c412bd0007855255547df68f5da46686c9ced
GuLoader
9c2e8914a4d3511eaa2f69e6ab33c9ff7d760d4ebfb761b38ed56eed8fe32ddb
GuLoader
b33804d1bcadb3c28baad638d82f7510ab66451a5a602978dfa8f629e6bdca05
GuLoader
c884dcf4fa00359eeb51ead67cd41d9a68b71f09e3588f03456244eddaa36fa0
GuLoader
d11cef47f0e97409844b3bc448cfabcfd7f97a4289012ba50e4b7175f5f4c870
GuLoader
df8a22b84b09a0871f6823edb9a826bab424c3e518b18a51e49e7ce1c311ca9a
GuLoader
edc7cf96821b2ba673f3a1df6c3cb50057cb0637259d2905279aae1630794cf9
GuLoader
f916b2daa9c47caa84bdab905de961a60ebb0f4fbcb3b3311eb429b7dcbaed8a
GuLoader
+ 5'002 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210115-l4e1c1hq2x/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
5cc02aecb164556410cb88cf8c73dfeb17bef152c767b7283ab6a7c8c18be60b
MD5 hash:
da7523a45d841857c64a28314b5844bd
SHA1 hash:
a6cb28e781c125c17d9cd881f227b2566073599e
Link:
https://www.unpac.me/results/9b2d2fd0-d955-459d-98ad-76af5a8d4010/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5cc02aecb164556410cb88cf8c73dfeb17bef152c767b7283ab6a7c8c18be60b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar e3c1736f03530cd7e6ed1404ee3a9c1a287c15e09d58b3cc93ed8f0bd91f1947

GuLoader

Executable exe 5cc02aecb164556410cb88cf8c73dfeb17bef152c767b7283ab6a7c8c18be60b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/962434/
  
Dropped by
MD5 041f16554f9bff087923b433cc3e1381
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/112192/
  
Dropped by
SHA256 e3c1736f03530cd7e6ed1404ee3a9c1a287c15e09d58b3cc93ed8f0bd91f1947

Comments