MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e85c6cfe631feef7d11250670efcbaf476886d8ee13d11a8873cc5df84a14f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	6e85c6cfe631feef7d11250670efcbaf476886d8ee13d11a8873cc5df84a14f9
SHA3-384 hash:	d73ef1dcf3b4f167c07892e9d0b0e2b3df1667a4a75810087adaad47b8048c3f22f1f41cb638d8920f2a82c6c36c1e60
SHA1 hash:	3e76e8c204098c1b52b78508286a962c35e637fe
MD5 hash:	c10cef2b31864b5f9fb13b9af78765b2
humanhash:	ceiling-purple-five-double
File name:	SENSATIO.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	114'688 bytes
First seen:	2021-09-15 14:09:10 UTC
Last seen:	2021-09-15 15:10:23 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	4907098a5ecd4cf1549046838d3d7c44 (4 x GuLoader)
ssdeep	1536:W+u85vTXEEX5wkjFXW8sBM2dIaK4AUpdQANZ2ftq82Pkl2dp5JT:JvTUE+8sBrdMUpdNwwv62VJT
Threatray	2'676 similar samples on MalwareBazaar
TLSH	T1D3B34A62E8ACCFE5D2B886B1D8225DF87CB7FC56E9504B47F1C93E6C38336949650809
Reporter	James_inthe_box
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

145

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

SENSATIO.exe

Verdict:

No threats detected

Analysis date:

2021-09-15 10:01:38 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/517776c7-edde-4dc4-af64-d61ab03bbe2d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/188214/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.46975957.27917.1835.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Verdict:

No Threat

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/61751b74db358dd15ed925cf/reports/ca35a688-eec4-4ebb-a993-d4ea88e30fe3/overview

Malware family:

GuLoader

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ab0e45f6-60ae-419c-9805-9c9184de45ab

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

rans.troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/851487

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

Found potential dummy code loops (likely to delay analysis)

GuLoader behavior detected

Hides threads from debuggers

Multi AV Scanner detection for submitted file

Potential malicious icon found

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Behaviour

Behavior Graph:

Detection:

guloader

Link:

https://mwdb.cert.pl/sample/6e85c6cfe631feef7d11250670efcbaf476886d8ee13d11a8873cc5df84a14f9/

Threat name:

Win32.Trojan.Mucc

Status:

Malicious

First seen:

2021-09-15 12:49:25 UTC

File Type:

PE (Exe)

Extracted files:

6

AV detection:

12 of 27 (44.44%)

Threat level:

5/5

Verdict:

malicious

Label(s):

cloudeye

Similar samples:

39de6e1f455747a1e878f070e5b62e306a60bd595d5a1840518cc07972a5c6d1

44eacb84c8ae24a115769db8bb7fca7d2ad14cf70a905bb57d54b175ffa4da60

6d05c6f5356b5d1a4802d1b110dd5e6b9136f0b61081130f02404a9312fcd5fe

860e16c192167d5dd823b8e533858cdada7aa9b3173254f2f57031af68b84e0c

8eea0ae9eab289a6827156361ffad7987cebe3429422ba07724fa6921a47b2d0

9d32d8de3b01e191634bdd00355a38a310475b70ba31f69015b68db822995c31

c72fc9ac2cab16efb7d7541ec863718f4824bac484bc09c7bbd84ae5b2c92e85

ddff09f62985a15537bf510e1b95a0e31b5714a498c050671df0325802a7f3e9

f1b1abf0182c865a3521d659cbc4bd86a4b00b0e4be95468a1d3b5ff46a3efc8

fc4e44c0b91ce5f076bab43f739c4100de70423b9e867d2f34ff265e37596bd9

+ 2'666 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210915-rgr74sdghl/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

6e85c6cfe631feef7d11250670efcbaf476886d8ee13d11a8873cc5df84a14f9

MD5 hash:

c10cef2b31864b5f9fb13b9af78765b2

SHA1 hash:

3e76e8c204098c1b52b78508286a962c35e637fe

Link:

https://www.unpac.me/results/f2e82603-be23-4d25-b2b4-e3c073c03c53/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/6e85c6cfe631feef7d11250670efcbaf476886d8ee13d11a8873cc5df84a14f9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/188214/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample