MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60fb9b3472711c847815b8df184109291146866f24d93c03497836c0adef96a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60fb9b3472711c847815b8df184109291146866f24d93c03497836c0adef96a9
SHA3-384 hash: 28061545091061fda4a13dc572c099707be9741799f6c5c0c02a62c42a232beeee79674b0b7a9bde095ac02c9d5caa99
SHA1 hash: eec625f3ceb480f115d2647fdefc6498f1b51392
MD5 hash: 98d399da4704f4c371d1bf592b05de93
humanhash: pip-kitten-london-robert
File name:RFQ00106.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:237'568 bytes
First seen:2021-05-21 15:52:07 UTC
Last seen:2021-05-21 16:17:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6362bc17930cc127ae2b7ff37e9122d2 (9 x GuLoader)
ssdeep 1536:PVJuTEvVbJks33otkYjl8lbfbU4pVBW9c3amYd0U7XDKckLvwwEYwEuo44CrcgHU:T+I4tkYB8HVUuT/VLvwwgEr+mbNX
Threatray 1'938 similar samples on MalwareBazaar
TLSH F134848AB952B469E8C69174F425C61F18E67CB332804E07BF837F67B0340476DE9A67
Reporter abuse_ch
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
190
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
RFQ00106.exe
Verdict:
No threats detected
Analysis date:
2021-05-21 20:51:32 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1957ef00-67a4-437f-b930-5f48ce8105aa

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Malware.Vibem-9863835-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/787644
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/60fb9b3472711c847815b8df184109291146866f24d93c03497836c0adef96a9/
Threat name:
Win32.Trojan.Vibem
Create hunting rule
Status:
Malicious
First seen:
2021-05-21 15:52:16 UTC
AV detection:
14 of 46 (30.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=md5zwndsoeoii6avxdprqqijfeiunbtpetmtya2jpa3mblpps2uq._file
Verdict:
unknown
Similar samples:
12e42bff4fa377032623342ac1f23a5c87225a40ef8b900cbb06ae4bd203864d
GuLoader
22b13820a6139c7682d5e1108aefde2200dc593e14fe7fca28eb27d5e616bef7
GuLoader
33ee2504a81c487ee235c0b171ffa1151f6bd4efa3ee0eff07cdff633dde2e60
GuLoader
34a666042ff3ad45f4e1e37776cc55d4f4fdd1bcd8233852839d55fc076410d1
GuLoader
5e74833e8f9a6e8a92cca35de25fb0d6b68c84d0bc22b9c939b51737acb83494
GuLoader
8c48765f9e88fbdc738d2f0801fe6befcaa96484f8b6362d7f0b3fcfd13a4438
GuLoader
9e313db794797641d0c55ff15c1f663e13893bb443bb84e0dd212f8a7aeca598
GuLoader
c3ca97abe1f0584928691bf13d02b25a4e20288a2477e466d67000c0bbe04df3
GuLoader
c63a3f86be406a11e8f7760403e407a97441753205f8cef432fd634856ca2992
GuLoader
c943a100bc29344a690516900fd3fc830c0af1646499ade9e082e76cdf45901f
GuLoader
+ 1'928 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210521-jmb4z966p2/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://drive.google.com/uc?export=download&id=1y5FPg60-Lh0VQaABnOEZ-BhgfWvCFyfe
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/60fb9b3472711c847815b8df184109291146866f24d93c03497836c0adef96a9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 60fb9b3472711c847815b8df184109291146866f24d93c03497836c0adef96a9

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-21 16:21:32 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0009.029] Anti-Behavioral Analysis::Instruction Testing