MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7aac0d666b2552cb06d944ea7c54852070a9434708b221232faff64396b8f70a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7aac0d666b2552cb06d944ea7c54852070a9434708b221232faff64396b8f70a
SHA3-384 hash: c04f098449fc46862a922f8b89149583ce4107c1e08fb0db4433dd69eea1332669bbd04a8c6fd26d2d9c39e98fc0128f
SHA1 hash: 9c5f00bc3b7e8aff886a8b21eb2cba699b76456d
MD5 hash: 02767a23a2e6b59b337dee3f44b75f39
humanhash: jig-yankee-ink-undress
File name:02767a23_by_Libranalysis
Download: download sample
Signature GuLoader
Create hunting rule
File size:112'376 bytes
First seen:2021-05-19 19:01:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3ad518cf51907bc8ca22f7a1354a4250 (11 x GuLoader, 2 x RemcosRAT)
ssdeep 1536:COPygt/5xAuveMduaM32E49JNRxPQ5stIWiyYoy:CORRxJvjBMmX9fRxPQ5st2yYoy
Threatray 1'656 similar samples on MalwareBazaar
TLSH 4EB3D67679BBE470FE1980F0271C93EC918B3A78C929455BECC61904A7F267296503FB
Reporter Libranalysis
Tags:GuLoader


Avatar
Libranalysis
Uploaded as part of the sample sharing project

Intelligence

File Origin
# of uploads :
1
# of downloads :
146
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
02767a23_by_Libranalysis
Verdict:
No threats detected
Analysis date:
2021-05-19 19:37:49 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2e6acaa2-d2ad-49fb-9588-595a6b2846b6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/158749/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.1253.22658.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/785311
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
remcos
Create hunting rule
Link:
https://mwdb.cert.pl/sample/7aac0d666b2552cb06d944ea7c54852070a9434708b221232faff64396b8f70a/
Threat name:
Win32.Trojan.Jaik
Create hunting rule
Status:
Malicious
First seen:
2021-05-19 13:50:38 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pkwa2ztlevjmwbwzitvhyvefebyksq2hbczccizpv73ehfvy64fa._file
Verdict:
unknown
Similar samples:
02738721df55077c4a8b8826e7cdd0243003ba4b34cb71f314ad05a29330c9c3
GuLoader
1ad231fb8cb3ab712bef3aae2c319cdd3d9f085eea7e0d205ca3729a85eb1294
GuLoader
3ee7986c2ffb27457b0e9d270fdd477c953c310503fffc27aed1aa8cc6e8c70d
GuLoader
429a766fbf315ee6e6ec01e3a36cc39a66b14c3c71d2a5de94f5fbd2212367dd
GuLoader
7765b39aa0345fd2af3838a548807c90094ea98d227d625ed742260833643b52
GuLoader
86b20b72e5394385d0f51a531923647759f9bc02d048df3c1aad7e26ed773a8b
GuLoader
8f1517666a1f5f7f6d0f38814909251d41de92126c2a7df0626de2fa1ae9ba1f
GuLoader
aa474883fd952e16e13715aa7a698fa8eb0d596fea71d03dfbaa235a1b08aa15
GuLoader
d5956571b9e9bc5c925d5b26a0bd0771c636bff202c0adb7d1d9ad6efe487bae
GuLoader
ed3a8701ae1164a1eec2e06b24ce46f54dd8c19838f7c5f92938cf1156178dca
GuLoader
+ 1'646 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210519-6ls9dfr58j/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent file
Guloader,Cloudeye
Malware Config
C2 Extraction:
http://hshjiopklmsacnzbcjuewahfdsnvmlazbcuewqjh.ydns.eu/XP_remcos%202021_ogBiNEKs50.bin
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
GuLoader
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7aac0d666b2552cb06d944ea7c54852070a9434708b221232faff64396b8f70a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 7aac0d666b2552cb06d944ea7c54852070a9434708b221232faff64396b8f70a

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/158749/
  
URLhaus
https://urlhaus.abuse.ch/url/1255994/
  
Delivery method
Distributed via web download

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-19 20:09:34 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0009.029] Anti-Behavioral Analysis::Instruction Testing