MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66e4fb4c25d6f26bd7322782642f7b3ffd5747ca736e64868f8a3c76467bf8c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66e4fb4c25d6f26bd7322782642f7b3ffd5747ca736e64868f8a3c76467bf8c0
SHA3-384 hash: 5cfa831e1a053e224a2b0a2dc652bd6facadd54583eeae262aba2828dff9cfe0e7a4d9f6927b88e8256f7f06474c490a
SHA1 hash: 4c7ff9565349068f73d96f48423ee5ae4f832fa6
MD5 hash: da7e577b39dc1882d8c2f5819ead22e3
humanhash: hotel-freddie-table-florida
File name:Cailbers22LongRiflorderlist.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:270'336 bytes
First seen:2021-06-15 14:53:22 UTC
Last seen:2021-06-15 15:42:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash adaafa2c180eccb7addf1201d12c8322 (4 x GuLoader)
ssdeep 3072:SH1hZYJQKX+an/XNSn3N59UN9+xc9+OTPl3p1YCxsaX5vt42TM:eyvNy5aN8xK+OB3zYwHo
Threatray 55 similar samples on MalwareBazaar
TLSH 2044C943B2477626D0A89C7026ABD12A77FA2D77F21058033AC1BF3767349A77DB0916
Reporter Anonymous
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
213
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Cailbers22LongRiflorderlist.exe
Verdict:
No threats detected
Analysis date:
2021-06-15 14:55:07 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cdda3dfd-661d-4c1a-b04e-742da210e442

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.PackedENT.226.29187.19757.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a11bc2e4-7a52-4977-8e1d-eb5398e28913
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/802538
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Initial sample is a PE file and has a suspicious name
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/66e4fb4c25d6f26bd7322782642f7b3ffd5747ca736e64868f8a3c76467bf8c0/
Verdict:
suspicious
Similar samples:
0ad4f6db3a7a39ce0c3df5c2424f572c6a24645cd6c40e4446843dba3e646a12
GuLoader
0ccd2b06984be7ae1ca2c2957f1c0479310ecddd4f518f604fbb2892bce86e89
GuLoader
17653f0b95df006bc5833a71a7cedaf0210ab2dd9c913104576b4823c8f7cdfd
GuLoader
1b15ba9f050a7ff993454ced505009cf9af6cdee45d8acc037ff05bf96304b97
GuLoader
479f929625a3e8a8f98256c3a020f5946e0d88fd7e3582e47b63500679d46585
GuLoader
8b04dcca28022f6065a0aab229d6fb466ae313dc5dda21b0a7222225d0facfd5
GuLoader
c08e9dc3b7237d74908e572f68d6808dc155f632243a87eaef985c67c9caee85
GuLoader
d5fdf6585b3afb5b8b4692779e722f9e36a9cb63611713eade2ab1063ed0bab6
GuLoader
e5885f71c6fb1a072681d448a1baf5c8206887e79cb7900e0eb4246efa27011f
GuLoader
f3a520aa6296de59468c3a38d45660091097c056b7249a66d3443f3bd4ecf997
GuLoader
+ 45 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210615-axryxdmv92/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://onedrive.live.com/download?cid=CF699836D17ED884&resid=CF699836D17ED884%21110&authkey=AB6GufhtYFcXJ00
Unpacked files
SH256 hash:
66e4fb4c25d6f26bd7322782642f7b3ffd5747ca736e64868f8a3c76467bf8c0
MD5 hash:
da7e577b39dc1882d8c2f5819ead22e3
SHA1 hash:
4c7ff9565349068f73d96f48423ee5ae4f832fa6
Link:
https://www.unpac.me/results/2f0288e0-92ab-4504-aa53-da69a38d97d3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/66e4fb4c25d6f26bd7322782642f7b3ffd5747ca736e64868f8a3c76467bf8c0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link

Comments