MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 637dd01e0c2df40b6e16752dc10bddd8e446b25254499a0d5e56cea62efba73c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	637dd01e0c2df40b6e16752dc10bddd8e446b25254499a0d5e56cea62efba73c
SHA3-384 hash:	095caf2130190eaa6fc88303969f543a45063d23ffa8208cc67aebd7f6b40ab958702ec46eb5001d07a5302ceb944f71
SHA1 hash:	06e34d85c7284ff64bd4da46dbd721c60e1104e0
MD5 hash:	c45ca496c00650c6272c32794389607d
humanhash:	autumn-violet-six-cup
File name:	c45ca496c00650c6272c32794389607d.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	40'960 bytes
First seen:	2023-05-03 10:44:49 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	93dfc16ed07ebeb5b405221f10d12c0e (30 x GuLoader, 4 x RemcosRAT, 1 x AgentTesla)
ssdeep	768:TQBdkQqjLKdTXPlS5KBwIrIgFXd+bpfU7kLo2Xhmf/3uTE34thUsoki:TQqHK5XPlS5KpD2bpM2pX0n3uTE34ti
Threatray	17 similar samples on MalwareBazaar
TLSH	T15B036D1597E1C0E7EDAB0570147B7F2BBBB67D05E0A4A70BF7603A477C22201991E299
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter	abuse_ch
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

1

# of downloads :

265

Origin country :

NL

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

c45ca496c00650c6272c32794389607d.exe

Verdict:

No threats detected

Analysis date:

2023-05-03 10:48:59 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/1f81cad2-767b-46e5-bbca-7ae3394cfe78

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/386229/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Searching for the window

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/82288/overview

Behaviour

MalwareBazaar

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

shell32.dll

Link:

https://www.filescan.io/uploads/64523b32463eacbc57dbb502/reports/152f19e4-d8be-41da-b55c-5753e596c53d/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/637dd01e0c2df40b6e16752dc10bddd8e446b25254499a0d5e56cea62efba73c

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/d8be3d7b-b96b-46b2-b3e4-7a28ef9e9630

Result

Threat name:

n/a

Detection:

clean

Classification:

n/a

Score:

4 / 100

Link:

https://www.joesandbox.com/analysis/1225529

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/637dd01e0c2df40b6e16752dc10bddd8e446b25254499a0d5e56cea62efba73c/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=mn65ahqmfx2aw3qwouw4cc653dsenmsskrezudk6k3hkmlx3u46a._file

Verdict:

unknown

Similar samples:

1390ffaba8428295de1c41cb39358e5de9ab79868b1f79a6697fd9e72e23e6ee

1cd3cee13fd4653e084327ebf599147a9bcddf5213b332ae928f63f551d3b3f0

2a6ce3844cb0426fefb02d57bbb8eab576d0f089231c61aa1293cf0028d1db85

51ddc94e9230a48fc787f52b05342f7b1fec562bb7bd8d4155e99156e6564fde

79e1fc85396ae65e8431f8ceb92fefb5ec396381840d830c415ea2d81cb78a49

7dcbdd10f6e8cdf4c3d982ad15810b978a9b269f8ff525ec1e9187a4d0baf715

80ba5d77bf23701d83f91b9158e5b3ba36e01c83f2b2469aada56e81a428a224

b65f37c2f7def47bd57ae2837b9c422113da608c3b37a80f62e0332fb717546f

b98d60109c9ccfaac33c719992c026b59e3bc54bbe9fe24bc0fecaa016a02959

+ 7 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/230503-mtds2agb9s/

Behaviour

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Program crash

Unpacked files

SH256 hash:

637dd01e0c2df40b6e16752dc10bddd8e446b25254499a0d5e56cea62efba73c

MD5 hash:

c45ca496c00650c6272c32794389607d

SHA1 hash:

06e34d85c7284ff64bd4da46dbd721c60e1104e0

Link:

https://www.unpac.me/results/cb978b2e-2a87-495a-bb89-873259e85a2c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/637dd01e0c2df40b6e16752dc10bddd8e446b25254499a0d5e56cea62efba73c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/386229/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample