MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71756ea23acdd988833bafc579a81eb54341f13f6657fed3aedce37a4d9606ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 71756ea23acdd988833bafc579a81eb54341f13f6657fed3aedce37a4d9606ea
SHA3-384 hash: 14799a5bd9f4c2de903e34cf1d34fa17be9820cedb335eec7e952be7c594491f3ca24a9be9ca50fad0a61e82a05a21a6
SHA1 hash: cc2e6fe59dc9e1d0802d54d979bfedfcff46806b
MD5 hash: d093b60447c793fc519f79f3e6651a42
humanhash: jupiter-oscar-spaghetti-tennis
File name:2021071300010 JPG.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2021-07-13 13:17:12 UTC
Last seen:2021-07-13 14:02:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8ff36c360a089a7073436eb053f9f56c (2 x GuLoader)
ssdeep 3072:/NYQY22RTBevUkp94sUgPCW4V+FiOOlXNTENmkzUG22qYQJ:sTp094ncD44INNTwFo
Threatray 5'485 similar samples on MalwareBazaar
TLSH T120145A5D7FB0D4C5E0A9A7332462C2B453266F21BAF5C55F127CBA7B2B312C3A461326
Reporter malwarelabnet
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
193
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
2021071300010 JPG.exe
Verdict:
No threats detected
Analysis date:
2021-07-13 13:33:15 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7667159a-6330-4a4b-8fd9-c33728bb7cab

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/171424/
Detection(s):
SecuriteInfo.com.Variant.Graftor.977647.10050.31765.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/bf07acbc-cc78-47e1-b5c3-0fb85711acd8
Result
Threat name:
GuLoader Lokibot
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/815647
Signature
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
GuLoader behavior detected
Hides threads from debuggers
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected GuLoader
Yara detected Lokibot
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/71756ea23acdd988833bafc579a81eb54341f13f6657fed3aedce37a4d9606ea/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2021-07-13 11:06:31 UTC
AV detection:
13 of 46 (28.26%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=of2w5ir2zxmyraz3v7cxtka6wvbud4j7mzl75u5o3trxutmwa3va._file
Verdict:
suspicious
Similar samples:
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
GuLoader
2090709916a41cfe9ae1ebf1fd4e1dc13803e1cbefac6b796a79311cb5a95e2b
GuLoader
26f2158d9837aa986e3d69b6cb3df0ea039d0434cd504c2911ad9788bbbf7715
GuLoader
446ffbe53145c93ac0d5f2201a7602846d272fd772936583125b0bd0d331d04a
GuLoader
5f71fa1115c8ddafbe4215ab9b5a69966385bf38bbf033c9c06d6dbaa15abb41
GuLoader
81be23ce8636c948e1ac5c966ee5c34f738f8dc20aa85acedbca48f92e1ff363
GuLoader
9fe616b7f813e2de5c4ebf53b624e0f1577014aae677f9f73dc99d8c1b19d140
GuLoader
baac016255a128a1209211bba2a47979f3392f12c41d5805469f899eba6de47b
GuLoader
ccfc389f6dd3e6d9974b6cd4bb2a2efa5eb060f48e784aabd21a723cb58ff063
GuLoader
e4effdebb79bd1b3d2e3a2510a96f44cbf9ca4961340c7ca1f276bd3c527afb2
GuLoader
+ 5'475 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210713-4nz8qccbt6/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
71756ea23acdd988833bafc579a81eb54341f13f6657fed3aedce37a4d9606ea
MD5 hash:
d093b60447c793fc519f79f3e6651a42
SHA1 hash:
cc2e6fe59dc9e1d0802d54d979bfedfcff46806b
Link:
https://www.unpac.me/results/5438a9ff-9c2e-4edc-9930-aea6cb59c5ab/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/71756ea23acdd988833bafc579a81eb54341f13f6657fed3aedce37a4d9606ea

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/171424/

Comments