MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d05c6f5356b5d1a4802d1b110dd5e6b9136f0b61081130f02404a9312fcd5fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d05c6f5356b5d1a4802d1b110dd5e6b9136f0b61081130f02404a9312fcd5fe
SHA3-384 hash: 76cfa1089b0b9231e1caf4fc2b4a78f2a5db837209d4e2e4f595627962a04662207ec4a920a4a87867dae24cd268f4d5
SHA1 hash: 36e0b2d2d2629d768d6c8f6d1383ae671195cd73
MD5 hash: cbdf1bd3b8c6d5d8ea358fad8b83becc
humanhash: fanta-spring-juliet-hot
File name:cbdf1bd3b8c6d5d8ea358fad8b83becc
Download: download sample
Signature GuLoader
Create hunting rule
File size:135'168 bytes
First seen:2021-08-17 12:58:28 UTC
Last seen:2021-08-17 15:42:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 37e215a56c837657c68542780cbce344 (2 x GuLoader, 1 x RemcosRAT)
ssdeep 1536:gygvNo2+t8cZZuIOlvC70qTfRSnlO0ots4n2CvASgZXK+2HcCVx0JUei3:32uZV70qTfRSlO9ts42CvASp+2H8Ue+
Threatray 2'679 similar samples on MalwareBazaar
TLSH T1B5D3D0E5B0BBCF56D0891A721438A7C467C7E9598846570A7F3DD7BE0E3B6022E0264E
Reporter zbetcheckin
Tags:32 exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
207
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cbdf1bd3b8c6d5d8ea358fad8b83becc
Verdict:
No threats detected
Analysis date:
2021-08-17 13:01:18 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f0a69d88-2c78-4c33-b3b9-37d671e3b63d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/179959/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.21448.6568.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/322c9541-6a22-44b0-aabe-d9be3125ec88
Result
Threat name:
GuLoader Remcos
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/834339
Signature
C2 URLs / IPs found in malware configuration
Creates autostart registry keys with suspicious values (likely registry only malware)
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Potential malicious icon found
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Uses dynamic DNS services
Yara detected GuLoader
Yara detected Remcos RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6d05c6f5356b5d1a4802d1b110dd5e6b9136f0b61081130f02404a9312fcd5fe/
Threat name:
Win32.Trojan.Mucc
Create hunting rule
Status:
Malicious
First seen:
2021-08-17 12:59:06 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
1ca3cfc63c029b0d6a0d312cac86c5dc77e9efe86dd711a08e1f25d0ec62c366
GuLoader
49b1f7e34f74b3ea4b97852292dfd6e856a58f74a181f5a3aadd6356503ae617
GuLoader
53174a644680154786d09b66cc8c4a1aa83c625bd10137600bf191573fa5c602
GuLoader
57a3bde46b00d57d8a57fb821f22843f608ecad6e643a3e8b58d1a3902bb3c0d
GuLoader
5c32fd3de4bce60a2529cebc5f47b8a1562ea9bd22549f829b22b0533b32f79b
GuLoader
923e1d37bb37118bd66462b153d9fa0d4518898ed56f0252690a6d9eb111a0d7
GuLoader
97fee7e2c533d7ad3854cd92d9d2dbcddeb3b08e3e0cb14214b431d3970cda45
GuLoader
a6c456dcee9a9c53aeb0360bdb52a682137745ad9ec607fce1199e24cd348ee5
GuLoader
ae83f208925ec791bd10f37e0cd1bfc98473ea586c4814288a243c7d579c2e55
GuLoader
bd6cf98ff23cdad2f5bb43bb60e61275d8ad1ad7baeb609aa0a812fc048fede0
GuLoader
+ 2'669 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210817-ryr5xf9kys/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
6d05c6f5356b5d1a4802d1b110dd5e6b9136f0b61081130f02404a9312fcd5fe
MD5 hash:
cbdf1bd3b8c6d5d8ea358fad8b83becc
SHA1 hash:
36e0b2d2d2629d768d6c8f6d1383ae671195cd73
Link:
https://www.unpac.me/results/5c06f4b4-1484-44c0-ab9b-c46e4793d49d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6d05c6f5356b5d1a4802d1b110dd5e6b9136f0b61081130f02404a9312fcd5fe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 6d05c6f5356b5d1a4802d1b110dd5e6b9136f0b61081130f02404a9312fcd5fe

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1541659/
  
URLhaus
https://urlhaus.abuse.ch/url/1541660/
Cape
Cape
https://www.capesandbox.com/analysis/179959/

Comments


Avatar
zbet commented on 2021-08-17 12:58:28 UTC

url : hxxp://198.23.207.82/dth/vbc.exe