MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f40242247db00eea1922d0c2a38337ddea49d9da02693679d2e4bfb19e6c088. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6f40242247db00eea1922d0c2a38337ddea49d9da02693679d2e4bfb19e6c088
SHA3-384 hash: ef5cd242631c80cf300c553f8364ad5f283867cfd83415cf416f4923148a3a04aaef8a2d40d8494bfc0ce3724047dc60
SHA1 hash: 2a37a01df74c887bb52eb2762d7d6ae0bd5e6b0b
MD5 hash: 8718d75b7cac53f13d01ddea9b52cee0
humanhash: hawaii-foxtrot-arizona-purple
File name:8718d75b7cac53f13d01ddea9b52cee0.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2021-08-03 14:57:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5565993a5a9f2bfb76f28ab304be6bc1 (7 x GuLoader)
ssdeep 1536:mHPwUa96PZfLN0CNzYRn5ZxtBMAphNQmiPYDEZfM96nHPwU:mHIuZ1NzMBXMGh7DEhHI
Threatray 5'306 similar samples on MalwareBazaar
TLSH T1D1B39EAEA6F5982CD7772C748FA151085AD67C8C47C63DF97300C28E199B2283DC97B8
dhash icon 97d2d098cceccd9b (1 x GuLoader)
Reporter abuse_ch
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
247
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
8718d75b7cac53f13d01ddea9b52cee0.exe
Verdict:
No threats detected
Analysis date:
2021-08-03 14:59:59 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0decf8a3-7261-47e7-a7f1-b1660dafd680

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/176096/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37341622.21556.21630.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/acbb51da-3521-4e8b-97aa-88b8a870ef93
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/826293
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Creates autostart registry keys with suspicious values (likely registry only malware)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Uses dynamic DNS services
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/6f40242247db00eea1922d0c2a38337ddea49d9da02693679d2e4bfb19e6c088/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2021-08-03 09:37:52 UTC
AV detection:
15 of 27 (55.56%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
2b63f1488d9a8396513a3dd2ca07b44adee4b1187dc5e6d94934ed6271e76f5d
GuLoader
2d2796f4298b67f77555e446cfe4eca0559ddee6cdf6371524051a42f8dbd291
GuLoader
3016a6fd03e57ee760ab4c79ec8822caa4eda8c24236d7eec230f6ca6f4d785a
GuLoader
447a0d8244572bcab27cab7d54e43ac0cd4724073d6b9deb381c78d32a97b418
GuLoader
55fd5769df0df23d4140a34d07dc2c833b43ac1060f4d0992bdd27316041c69a
GuLoader
97fee7e2c533d7ad3854cd92d9d2dbcddeb3b08e3e0cb14214b431d3970cda45
GuLoader
a7d94673cc8d4e0826a9a240bd1d161b34bec3bea25c036a94df69240015469c
GuLoader
c0d3da1cefd1a979c8b8ce102fd5d3ff090779f72f4d1098eb383cbbb3480bee
GuLoader
d32cf33f8f64824f799ca44e9988ddc517e88db1235f93792d3ed2ddaa48e35f
GuLoader
f06e4c96e86c0f36c82d38de0627c0b81995656c4dcbc136c0fedda868ed8ea0
GuLoader
+ 5'296 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210803-z8ef28s1h2/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
6f40242247db00eea1922d0c2a38337ddea49d9da02693679d2e4bfb19e6c088
MD5 hash:
8718d75b7cac53f13d01ddea9b52cee0
SHA1 hash:
2a37a01df74c887bb52eb2762d7d6ae0bd5e6b0b
Link:
https://www.unpac.me/results/efa578f0-2584-45ba-b666-43c20b852dfa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6f40242247db00eea1922d0c2a38337ddea49d9da02693679d2e4bfb19e6c088

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 6f40242247db00eea1922d0c2a38337ddea49d9da02693679d2e4bfb19e6c088

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1489223/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/176096/

Comments