MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fd8c33a5491be40bb0685430728361feb280f92f318f7f0a327bd63fca86f99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	5fd8c33a5491be40bb0685430728361feb280f92f318f7f0a327bd63fca86f99
SHA3-384 hash:	ce950b70858c267b1104607006671754c6184acb34bf6d6c4ff7ab1ca5fc517959c8dd8e8fecfcd40d21b896e9bf9717
SHA1 hash:	a094f453db910743946169545232e86057ec9b32
MD5 hash:	ed7706ef05c9fbd0714e7501cb23037a
humanhash:	finch-louisiana-potato-wisconsin
File name:	Updrag.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	386'824 bytes
First seen:	2022-08-31 12:45:05 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e2a592076b17ef8bfb48b7e03965a3fc (385 x GuLoader, 58 x RemcosRAT, 40 x AgentTesla)
ssdeep	6144:nLsBN8xoIiL54j0CCRALS9f1nNtfIU7k0Ize1XOk1jEyGrbwKWkJ3CPD:wBoj0CfuN1XCznk16J3aD
TLSH	T1AD84F19275545CD3E8AD983294274BFA1B347C7A9784562332DABF377863382C70E21E
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	7c5ccdbf8eacd4d4 (3 x GuLoader)
Reporter	malwarelabnet
Tags:	exe GuLoader signed

Code Signing Certificate

Organisation:	Naphthous Serieresonans Presseaktiviteternes
Issuer:	Naphthous Serieresonans Presseaktiviteternes
Algorithm:	sha256WithRSAEncryption
Valid from:	2021-09-09T08:02:02Z
Valid to:	2024-09-08T08:02:02Z
Serial number:	-33b8fd506d6ea357
Thumbprint Algorithm:	SHA256
Thumbprint:	112e0116c82ae2ce3a97ae0c2c99ee3ac6866d378dab9024a84ea5d94872f321
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

282

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/306835/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.61632163.12526.4568.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Creating a file

Sending a custom TCP request

Creating a file in the %temp% subdirectories

Delayed reading of the file

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/36169/overview

Behaviour

MalwareBazaar

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/630f58552fdf5a0825950ad3/reports/4e8c6860-f441-464c-a09d-b1c972ef6565/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

FormBook, GuLoader

Detection:

malicious

Classification:

troj.evad.spyw

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1061552

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5fd8c33a5491be40bb0685430728361feb280f92f318f7f0a327bd63fca86f99/

Threat name:

Win32.Trojan.GuLoader

Status:

Malicious

First seen:

2022-08-31 12:46:07 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

23 of 40 (57.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=l7mmgosusg7eboygqvbqokbwd7vsqd4s6mmpp4fde66wh7fin6mq._file

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/220831-pzmdgagaf5/

Behaviour

Enumerates physical storage devices

Loads dropped DLL

Guloader,Cloudeye

Unpacked files

SH256 hash:

bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

MD5 hash:

17ed1c86bd67e78ade4712be48a7d2bd

SHA1 hash:

1cc9fe86d6d6030b4dae45ecddce5907991c01a0

Link:

https://www.unpac.me/results/e8afc9a3-eac5-4d32-9dea-57cfa79cc2a4/

SH256 hash:

5fd8c33a5491be40bb0685430728361feb280f92f318f7f0a327bd63fca86f99

MD5 hash:

ed7706ef05c9fbd0714e7501cb23037a

SHA1 hash:

a094f453db910743946169545232e86057ec9b32

Link:

https://www.unpac.me/results/e8afc9a3-eac5-4d32-9dea-57cfa79cc2a4/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

GuLoader

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/5fd8c33a5491be40bb0685430728361feb280f92f318f7f0a327bd63fca86f99

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/306835/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample