MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6670269c08d80b6511029d06dfa07711a5e0bb1494107da5dc9d9d5661f010f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7
SHA256 hash: 6670269c08d80b6511029d06dfa07711a5e0bb1494107da5dc9d9d5661f010f3
SHA3-384 hash: b514b04f091b85351bb65c0463d646894e909acc719a68ee3e5ba1678e829a99c56169fc12c301aa72db10476b483eb9
SHA1 hash: a8388863180d744c2b2478a6f1a2e8c1a7ecf948
MD5 hash: 009c4b4a5d270321b39a743e6dc5bb89
humanhash: batman-monkey-queen-wisconsin
File name: Consignment Document PL&BL Draft.exe
Signature: GuLoader
File size: 102'400 bytes
First seen: 2021-05-05 06:04:35 UTC
Last seen: 2021-05-05 07:11:57 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4795af900e336ef757ad3450a080a8a3 (2 x GuLoader)
ssdeep: 768:LQaGUofIMyafSWqHgKXHFyTPzQWtAI+ruwddoDOsNQ06bwGvU91GIGY7hu+b+t/2:b3A5yafSWHK47QWtAJwZcb9irhudEI+
Threatray: 1'116 similar samples on MalwareBazaar
TLSH: 0DA3F79673C5E465E20E80708E4587F519DA7C30273A697BF1C6362E26BD0C42DEE2F6
Reporter: lowmal3
Tags: GuLoader

Intelligence

File Origin
# of uploads: 3
# of downloads: 186
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
- Creating a window
- Sending a UDP request

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: rans.evad
Score: 84 / 100
Signature:
- Contains functionality to detect hardware virtualization (CPUID execution measurement)
- Detected RDTSC dummy instruction sequence (likely for instruction hammering)
- Executable has a suspicious name (potential lure to open the executable)
- Found potential dummy code loops (likely to delay analysis)
- Initial sample is a PE file and has a suspicious name
- Machine Learning detection for sample
- Multi AV Scanner detection for submitted file
- Potential malicious icon found
- Tries to detect virtualization through RDTSC time measurements
Result
Threat name: Win32.Trojan.Razy
Status: Malicious
First seen: 2021-05-05 03:26:39 UTC
AV detection: 15 of 44 (34.09%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
- Suspicious use of SetWindowsHookEx

Unpacked files
SHA256 hash: 6670269c08d80b6511029d06dfa07711a5e0bb1494107da5dc9d9d5661f010f3
MD5 hash: 009c4b4a5d270321b39a743e6dc5bb89
SHA1 hash: a8388863180d744c2b2478a6f1a2e8c1a7ecf948

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malware family: GuLoader
Delivery method: Malspam (distributed via e-mail attachment)
Sample: Executable exe 6670269c08d80b6511029d06dfa07711a5e0bb1494107da5dc9d9d5661f010f3 (this sample)

Comments

a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-05 07:02:53 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0009.029] Anti-Behavioral Analysis::Instruction Testing