MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 772308b9e65e5533176a0b3575bd922d7612209479652ba78849f29bf1d8f30d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 772308b9e65e5533176a0b3575bd922d7612209479652ba78849f29bf1d8f30d
SHA3-384 hash: 849700a117f1756bafb3f61eb2314c895c6c9b6bb132845257ea1af86d012a7aeacd0f869a589780aa5129228821d5e6
SHA1 hash: 11c5a9345556cfd77fcf8a29d83f6d527a469ade
MD5 hash: b64eecee73322131059674c5e895cd73
humanhash: eight-don-equal-magazine
File name:b64eecee73322131059674c5e895cd73.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:40'960 bytes
First seen:2023-05-03 10:44:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 93dfc16ed07ebeb5b405221f10d12c0e (30 x GuLoader, 4 x RemcosRAT, 1 x AgentTesla)
ssdeep 768:xJLdVpkvgLW3j/ctWc6JDZKX2pXAMLkHfUkTbZIK+c3uTI34thUsj+ki:77SvgCT/zc6J02qVbfP3uTI34tg
Threatray 9 similar samples on MalwareBazaar
TLSH T15C036C4257F1C0E7EDA708301437BB5BBFB67905A0949607F3642A8B6C732419E2F79A
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter abuse_ch
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
260
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b64eecee73322131059674c5e895cd73.exe
Verdict:
No threats detected
Analysis date:
2023-05-03 10:45:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e82b5f13-a62f-486f-8c2f-86044e38d4ad

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/386228/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/82287/overview
Behaviour
MalwareBazaar
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
guloader shell32.dll
Link:
https://www.filescan.io/uploads/64523b315642c9c405e259c0/reports/e5c0378a-ae84-48a7-b799-5393cb5f0648/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/772308b9e65e5533176a0b3575bd922d7612209479652ba78849f29bf1d8f30d
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/de0f36b1-b610-4203-8979-c67665be3e2b
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1225530
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 858495 Sample: 78QAp2wWK7.exe Startdate: 03/05/2023 Architecture: WINDOWS Score: 48 13 Multi AV Scanner detection for submitted file 2->13 6 78QAp2wWK7.exe 1 2->6         started        process3 process4 8 WerFault.exe 24 9 6->8         started        file5 11 C:\ProgramData\Microsoft\...\Report.wer, Unicode 8->11 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/772308b9e65e5533176a0b3575bd922d7612209479652ba78849f29bf1d8f30d/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o4rqropglzktgf3kbm2xlpmsfv3beieupfssxj4ijhzjx4oy6mgq._file
Verdict:
unknown
Similar samples:
1390ffaba8428295de1c41cb39358e5de9ab79868b1f79a6697fd9e72e23e6ee
GuLoader
1cd3cee13fd4653e084327ebf599147a9bcddf5213b332ae928f63f551d3b3f0
GuLoader
1d553ac8ec0a334e66ef3e6882b0273408cda75e2601460bf2bab8d6541cf289
GuLoader
637dd01e0c2df40b6e16752dc10bddd8e446b25254499a0d5e56cea62efba73c
GuLoader
80ba5d77bf23701d83f91b9158e5b3ba36e01c83f2b2469aada56e81a428a224
GuLoader
920fe160ef3a22e69e296128b12731811355dec4de30b234ec133c27947f8945
GuLoader
b65f37c2f7def47bd57ae2837b9c422113da608c3b37a80f62e0332fb717546f
GuLoader
b98d60109c9ccfaac33c719992c026b59e3bc54bbe9fe24bc0fecaa016a02959
GuLoader
d379ffe32dfb2d6d386b6d9c3cbae49e49241ac25a14d2974c286bfa45aa50b9
GuLoader
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230503-mtds2aed25/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Unpacked files
SH256 hash:
772308b9e65e5533176a0b3575bd922d7612209479652ba78849f29bf1d8f30d
MD5 hash:
b64eecee73322131059674c5e895cd73
SHA1 hash:
11c5a9345556cfd77fcf8a29d83f6d527a469ade
Link:
https://www.unpac.me/results/00a5ab6f-860d-4f28-80fc-eaf62e893c05/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/772308b9e65e5533176a0b3575bd922d7612209479652ba78849f29bf1d8f30d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/386228/

Comments