MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 778ec854f98646f3bc9f4b4aa609b5d96eb78f073935060418135518953d949d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	778ec854f98646f3bc9f4b4aa609b5d96eb78f073935060418135518953d949d
SHA3-384 hash:	b1545bcfd9b0a6e99fc88f3b0f2882002c031eba8959f2186a773e35eb4cc54ab992c9236aadbc3c3d9fa11b324e7db4
SHA1 hash:	bd31f0da96992050aa293dd3ec7ac46d14efae44
MD5 hash:	0e6a5e9985826f566a6609326aa67107
humanhash:	pip-triple-hotel-uniform
File name:	FAKTURA 00122.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	122'880 bytes
First seen:	2021-02-03 10:09:23 UTC
Last seen:	2021-02-03 12:21:36 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	3002aa90a6228138c61e6ac642f2d8b4 (5 x GuLoader)
ssdeep	1536:muyu2tRxNodk4JFU+98DFXxgLR2n4+hVOCYdZaxKeuhWuuV9U2OWn6HEyqRvK:o39uk4v9R25YnFWuSaE6kY
Threatray	4'677 similar samples on MalwareBazaar
TLSH	F6C3C5A6BAC2FA96D245C0B19A1492F81187BD30FB185D03F0C17B6D3A75AD1493DBF2
Reporter	Anonymous
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

156

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

FAKTURA 00122.exe

Verdict:

No threats detected

Analysis date:

2021-02-03 10:12:49 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/5d325a2f-39e9-4773-9523-f2bb080c9286

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Guloader

Link:

https://www.capesandbox.com/analysis/115273/

Detection(s):

SecuriteInfo.com.Generic.mg.0e6a5e9985826f56.13055.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/597630

Signature

Found potential dummy code loops (likely to delay analysis)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Yara detected VB6 Downloader Generic

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/778ec854f98646f3bc9f4b4aa609b5d96eb78f073935060418135518953d949d/

Threat name:

Win32.Trojan.Mucc

Status:

Malicious

First seen:

2021-02-03 10:10:06 UTC

AV detection:

14 of 27 (51.85%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=o6hmqvhzqzdphpe7jnfkmcnv3fxlpdyhhe2qmbaycnkrrfj5ssoq._file

Verdict:

malicious

Label(s):

guloader

Similar samples:

06c39fdd95aed534806896a460c1cd568259e7b786b20abd7e923c4d1d4d8511

15145ed8e5ae3cf2acf9ad25bbcb3f782c4d8ba9674185d06baa66ae6d17f25a

2b7498abb82bfc105fb641bc1b9e9da602bfeefb252dd8d16d7c1e4fbc3a4668

350b35550e10e3ed50b1337e8899ab2eb9c9cbae7c077027f52bab3c5266bb84

6812d44b05455b4503ffa118b62d3810304f3867b528042985dc6ebc834ebdfc

77f75de88b6c8c2df83fdddf5dec9ec0add7887c28976a7252c8dd1519f7d7b1

dea51f7f074a8d9b0e30626e11ca4a79de602da24ba64d0222ee1162a5fbb5ba

e8aea93df30f3e8bd0542030dc4c31c561bdcd1e176a9835372a7d3508750ccf

ee126e4a18e0697b4bfa8e81c16c986ad8625f698f4abbfcb3100245d76cde9e

f2f28583a4690e1bc531879d34c4eeeeab62a88ec34e204b77428a640c0d00fa

+ 4'667 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210203-5xjnm5bhca/

Behaviour

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

778ec854f98646f3bc9f4b4aa609b5d96eb78f073935060418135518953d949d

MD5 hash:

0e6a5e9985826f566a6609326aa67107

SHA1 hash:

bd31f0da96992050aa293dd3ec7ac46d14efae44

Link:

https://www.unpac.me/results/016cafd1-354c-4c9a-8be5-182117ea17ea/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/778ec854f98646f3bc9f4b4aa609b5d96eb78f073935060418135518953d949d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/115273/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample