MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6836eb2e60ef429ec1f20100cb16b1dc65b64938a7e9cc8ea0a706a699620bfa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	6836eb2e60ef429ec1f20100cb16b1dc65b64938a7e9cc8ea0a706a699620bfa
SHA3-384 hash:	828dbf32b0011fbca05a98729e0bcdbf55643c2930c665f85aeabf2de42262024477a48f07a6517ac420183fd6969466
SHA1 hash:	19a8da4404e725e63642f8afd81cebd55f1451c0
MD5 hash:	0c8e26f7829a4595f2c78a1ad9b3c9d1
humanhash:	six-mango-pennsylvania-pasta
File name:	0c8e26f7829a4595f2c78a1ad9b3c9d1.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	180'224 bytes
First seen:	2021-08-02 08:50:23 UTC
Last seen:	2021-08-02 10:24:34 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	4ea8a3c9094fcaa8f9a317c68bbbc652 (1 x GuLoader)
ssdeep	1536:G/acNVf+ha33LkI/rBVn5Ghx6TuWljuh75jWEOeSWZCl4DD4kFYK:yNV26FBHGv6T2aERDMSYK
Threatray	5'264 similar samples on MalwareBazaar
TLSH	T1FE046F402BBED86EE5A1B8F71EB7CF3414817535AE932907FEC27F6A0A3A5F44044625
dhash icon	0cf9f8c4ccdcf814 (1 x GuLoader)
Reporter	abuse_ch
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

455

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

0c8e26f7829a4595f2c78a1ad9b3c9d1.exe

Verdict:

No threats detected

Analysis date:

2021-08-02 09:00:43 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/0dda051d-9c86-41fb-9116-8ca64d34d4eb

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/175744/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/1a36d4c5-6d9f-4bfa-9b14-b5b563d2cb2a

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/825401

Signature

Antivirus / Scanner detection for submitted sample

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found potential dummy code loops (likely to delay analysis)

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Tries to detect virtualization through RDTSC time measurements

Behaviour

Behavior Graph:

Detection:

guloader

Link:

https://mwdb.cert.pl/sample/6836eb2e60ef429ec1f20100cb16b1dc65b64938a7e9cc8ea0a706a699620bfa/

Threat name:

Win32.Malware.Generic

Status:

Suspicious

First seen:

2021-08-02 08:51:08 UTC

AV detection:

10 of 46 (21.74%)

Threat level:

2/5

Verdict:

suspicious

Similar samples:

6a3131b719f6687d8d51316dc8fd7ec2eb5bda66eca9220f66d0c1b0853d470c

8c6cae9078b175b331c1d6154045deea386850a75e4e2a250fe4f4d920cf1a4a

98ee691bdac679d1f71fc2a94c61f173fa1190a03875f7bef4ada66129f06f76

a3feb5265e6d02710f04ff618e966e9da9ba8fc8dc5692d6f7633fe0a3037b66

aadd8812bdbbe483d3635c581c7671d3b73a69cad0ea6f90dbd5617bbb298f14

c03b5d783971f4ab3ae3dac1b9576acfc0334cd919ffd74bb6ac01cbef2b128d

dd2e44f31e3158a713931d11f336664a5b23890471461ffd06a5515bca9485c1

e1e293cbd9c3deeabfdea61324e45217067414499d34ab8c6add548bb8c926ec

f2b2f10c3c65d8f81641b20ebbf91ca7da5ba685282b24677a4c5561758f7226

+ 5'254 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210802-t87bgvk9w2/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

6836eb2e60ef429ec1f20100cb16b1dc65b64938a7e9cc8ea0a706a699620bfa

MD5 hash:

0c8e26f7829a4595f2c78a1ad9b3c9d1

SHA1 hash:

19a8da4404e725e63642f8afd81cebd55f1451c0

Link:

https://www.unpac.me/results/a4a762a6-5281-474f-b920-c69ffbcacc54/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.16

Link:

https://yomi.yoroi.company/submissions/6836eb2e60ef429ec1f20100cb16b1dc65b64938a7e9cc8ea0a706a699620bfa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 6836eb2e60ef429ec1f20100cb16b1dc65b64938a7e9cc8ea0a706a699620bfa

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1499127/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/175744/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample