MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ed5d59a7c41e1f8a8e5b0926189ae54610558297b6b6edf04449c06771fbaef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5ed5d59a7c41e1f8a8e5b0926189ae54610558297b6b6edf04449c06771fbaef
SHA3-384 hash: e472fb3be4d94c32f756e5d1947183032f3be026c4132ac47fce4bd9ee43fa9a0e1ff2779a022fdffdf5ea4b78e0ca85
SHA1 hash: 98d097eeea1c4b608939ae12d9a72f05a6015219
MD5 hash: 222f2cca1a46890e09274e44a549baee
humanhash: timing-louisiana-purple-uniform
File name:Bokos.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:758'024 bytes
First seen:2023-12-18 08:51:08 UTC
Last seen:2023-12-18 10:16:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e2a592076b17ef8bfb48b7e03965a3fc (388 x GuLoader, 59 x RemcosRAT, 44 x VIPKeylogger)
ssdeep 12288:CqwwbXXyWMnGcHtjLxLIC3gmRznHVkBou/o/hyBfzj7ELAplrOeC/z3bAdTr:hLyWATHfICFzn1k164fv7EKrD+zLAdTr
Threatray 1'142 similar samples on MalwareBazaar
TLSH T1ECF412713FD3D827E0156CB8A34A8E4C9E32EF14A515E607E3B039AC9E772526C16D32
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 4042b8f8e8f0f0ac (3 x AZORult, 2 x GuLoader)
Reporter adrian__luca
Tags:exe GuLoader signed

Code Signing Certificate

Organisation:Storblomstredes
Issuer:Storblomstredes
Algorithm:sha256WithRSAEncryption
Valid from:2023-09-17T08:38:34Z
Valid to:2026-09-16T08:38:34Z
Serial number: 3ecc4b7d017a252864b27c8abc4873ab8ea140ef
Thumbprint Algorithm:SHA256
Thumbprint: 6ae441db13bc8bdc4fbd249f724011cffe34f2cc79752005437494489ea03d37
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
299
Origin country :
HU HU
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/468257/
Detection(s):
SecuriteInfo.com.Win32.Evo-gen.20727.20577.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Searching for the window
Launching a process
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control installer lolbin overlay packed shell32
Link:
https://www.filescan.io/uploads/658008376b1c246046f9efa2/reports/343feb58-5391-475b-b590-2e41bdfe870d/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/5ed5d59a7c41e1f8a8e5b0926189ae54610558297b6b6edf04449c06771fbaef
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5ca83ef8-a76b-47a7-a40c-3fcced493eb1
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1363856
Signature
Antivirus detection for URL or domain
Found suspicious powershell code related to unpacking or dynamic code loading
Maps a DLL or memory area into another process
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Obfuscated command line found
Snort IDS alert for network traffic
Suspicious powershell command line found
Very long command line found
Writes to foreign memory regions
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/5ed5d59a7c41e1f8a8e5b0926189ae54610558297b6b6edf04449c06771fbaef
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5ed5d59a7c41e1f8a8e5b0926189ae54610558297b6b6edf04449c06771fbaef/
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2023-12-11 23:44:56 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
17 of 23 (73.91%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=l3k5lgt4ihq7rkhfwcjgdcnokrqqkwbjpnvw5xyeisoam5y7xlxq._file
Verdict:
malicious
Label(s):
azorult
Create hunting rule
cloudeye
Create hunting rule
Similar samples:
1a8921a7a0baedb853e8e618e81a372aafc403ac1961e3abe2740bf30c5e6aa2
GuLoader
46c4967e83a9a7f9cc87bceee586824640105f6bfddc89698684b374870023d9
GuLoader
77139402d8d38cfedb303222793713f82654f83e9b813f45630af29fed601076
GuLoader
78bb56d430c2b8c9298c46d125299f8d29f1bd42a61b07e4e8ba91252c371adf
GuLoader
9334878efa62a7b5e556f1a703c18e94362f6b93c0ae63f4741102092f384f90
GuLoader
a3078491b0ddf39bd477ac540f6466d77d66bd9aa88173726ec5faef1592b5b8
GuLoader
aa17ccd48e6acc9b421bf8ad2441e7cd5cca6c856746c92441fac6cb95709aaf
GuLoader
ca5761e56fff93f25f1708bd9b12b214a85b34c46bb76bedc7ff1cc3d2f81a3c
GuLoader
ffe63aecb926ed305039dda5b7102cdfa7bb826126dc0b178e700d7782441579
GuLoader
+ 1'132 additional samples on MalwareBazaar
Result
Malware family:
azorult
Create hunting rule
Score:
  10/10
Tags:
family:azorult infostealer trojan
Link:
https://tria.ge/reports/231218-ksp4kabbf8/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Azorult
Unpacked files
SH256 hash:
5ed5d59a7c41e1f8a8e5b0926189ae54610558297b6b6edf04449c06771fbaef
MD5 hash:
222f2cca1a46890e09274e44a549baee
SHA1 hash:
98d097eeea1c4b608939ae12d9a72f05a6015219
Link:
https://www.unpac.me/results/f797f2b4-23cc-43a3-b95e-df51738ff376/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/5ed5d59a7c41/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5ed5d59a7c41e1f8a8e5b0926189ae54610558297b6b6edf04449c06771fbaef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 5ed5d59a7c41e1f8a8e5b0926189ae54610558297b6b6edf04449c06771fbaef

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/468257/

Comments