MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 773873a915db516ec70cc2ef28da691539af10d2aede89835f3f776f9c9afa04. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 773873a915db516ec70cc2ef28da691539af10d2aede89835f3f776f9c9afa04
SHA3-384 hash: 28d2984d4a2ed40d8cb17a708bd5bbe2197e99c0fbb2200fbbc5e92c2059963677408d3ab73b6a40a1ba1fdf42362934
SHA1 hash: dd15ae65ca76966686fef3561a6213c92981eb45
MD5 hash: 215e5cc2650d15c79ab17bd24e8458b9
humanhash: indigo-item-cup-magnesium
File name:215e5cc2650d15c79ab17bd24e8458b9
Download: download sample
Signature GuLoader
Create hunting rule
File size:139'264 bytes
First seen:2021-10-14 11:31:07 UTC
Last seen:2021-10-14 14:03:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c727a98e677fb7bd25bb06d2a2d956f1 (11 x GuLoader, 1 x Formbook)
ssdeep 3072:CV6uIJZN7iSL7on17jpxeXz+zGJS6mah61R6ftD:CoXvN7imon17jGX9Q0h6o
Threatray 764 similar samples on MalwareBazaar
TLSH T16FD3A3A162B08FC8E4A786BF27E1875035327E3449166E47F68C7E0E9E765E0D19132F
File icon (PE):PE icon
dhash icon 1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter zbetcheckin
Tags:32 exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
307
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
REVISED INVOICE for EXW Dubai to Ashdod Port 1x40-.xlsx
Verdict:
Malicious activity
Analysis date:
2021-10-14 10:08:02 UTC
Tags:
encrypted opendir exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/b816d536-fd99-4267-b506-b78734782d77

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/197531/
Detection(s):
SecuriteInfo.com.Variant.Razy.964195.8351.23781.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/61681534fd35fe780c3fde11/reports/ad1d682a-6274-43c4-9b2c-5febe5632fa5/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/250aa4e3-60f1-440b-8e87-1fdf1f46efa8
Result
Threat name:
GuLoader Remcos
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/870430
Signature
C2 URLs / IPs found in malware configuration
Creates autostart registry keys with suspicious values (likely registry only malware)
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Potential malicious icon found
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected GuLoader
Yara detected Remcos RAT
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/773873a915db516ec70cc2ef28da691539af10d2aede89835f3f776f9c9afa04/
Threat name:
Win32.Trojan.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2021-10-14 11:32:06 UTC
AV detection:
24 of 45 (53.33%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
0e11a70592490252dab6e6d9ea4d35832ac26d994882807377e79ea00788713b
GuLoader
37c6f7ae98046003879372195ad25435d69c1e2915ed6d4bcefd488e77c9db60
GuLoader
4a27f9816dec1c18870712cde14590b8cd84e6fa5a92dc7488f8522b9f5c7911
GuLoader
4db943d3621a557370a3585cd61db3f9835c65f350a2284c9d5f3024adb0ff07
GuLoader
74f865ab5c9bdf09c402dfcf15248355aa5f743a7d5b4fd64477a1df1ab3bd17
GuLoader
81be23ce8636c948e1ac5c966ee5c34f738f8dc20aa85acedbca48f92e1ff363
GuLoader
86907475c81bc4700fc465c758592c51e905feed8aecdc0c10ccb6a8c650218a
GuLoader
97cb7740ec9f0643c911e147ef1365b17babef450c76257a54b65360b8a7556b
GuLoader
e1940206b5e3300e88b817953a62d90a2e69b738df549dc5da993409a6487ae1
GuLoader
+ 754 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/211014-nnapvsghgn/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
773873a915db516ec70cc2ef28da691539af10d2aede89835f3f776f9c9afa04
MD5 hash:
215e5cc2650d15c79ab17bd24e8458b9
SHA1 hash:
dd15ae65ca76966686fef3561a6213c92981eb45
Link:
https://www.unpac.me/results/9ba0977d-6574-4e5b-8453-54dbec9a96f6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/773873a915db516ec70cc2ef28da691539af10d2aede89835f3f776f9c9afa04

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 773873a915db516ec70cc2ef28da691539af10d2aede89835f3f776f9c9afa04

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1677125/
Cape
Cape
https://www.capesandbox.com/analysis/197531/

Comments


Avatar
zbet commented on 2021-10-14 11:31:08 UTC

url : hxxp://107.172.13.131/0050000/vbc.exe