MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7babdd2c7d3752b7b48729110f0ab94de7cf74c478b7e1ea7a71a468748e70c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7babdd2c7d3752b7b48729110f0ab94de7cf74c478b7e1ea7a71a468748e70c0
SHA3-384 hash: 686eb6fd37094f02a40e24f51f90261d0c6001a435b9af431c46c77588f7f91a0aa9fdeef9eabcd73fc5eb7fa6380fb0
SHA1 hash: 797252e9139d3d46825440335437ad9d538f6b5b
MD5 hash: 38034f18af511c3b04b25170735e8b8e
humanhash: missouri-wyoming-helium-mississippi
File name:38034f18af511c3b04b25170735e8b8e
Download: download sample
Signature GuLoader
Create hunting rule
File size:166'200 bytes
First seen:2022-01-28 21:50:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 56a78d55f3f7af51443e58e0ce2fb5f6 (720 x GuLoader, 451 x Formbook, 295 x Loki)
ssdeep 3072:cbG7N2kDTHUpou0lvStHlquLNLbzKhBvOQsn7DdTAk5RmIdaDm2ghplP:cbE/HUMFSeK+hYQsn7CXIoDyhpl
Threatray 1'486 similar samples on MalwareBazaar
TLSH T184F3F117F3A4C633D5720971B8BACB76CEEE6D2D60918A4B63107F5E3C716916A1E320
File icon (PE):PE icon
dhash icon a4b4b1b271e8f494 (1 x GuLoader)
Reporter zbetcheckin
Tags:32 exe GuLoader signed

Code Signing Certificate

Organisation:Knallerter4
Issuer:Knallerter4
Algorithm:sha256WithRSAEncryption
Valid from:2022-01-28T05:43:20Z
Valid to:2023-01-28T05:43:20Z
Serial number: 00
Intelligence: 325 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist:This certificate is on the Cert Central blocklist
Thumbprint Algorithm:SHA256
Thumbprint: b7f1e132885ecbe632deeace43b09d8aaf984c146db830bd5aca8c82bcbe7d89
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
333
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
38034f18af511c3b04b25170735e8b8e
Verdict:
Malicious activity
Analysis date:
2022-01-28 22:08:17 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4350a1d8-0597-4cc3-bb20-37d106166305

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/225635/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Creating a file
DNS request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/5435/overview
Behaviour
MalwareBazaar
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/61f4654820a5f4d327dc8099/reports/3184ee35-4c9d-4a27-9e43-42d1d07771e6/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4788b3f5-7325-4092-8a14-dbac7e0bdce7
Result
Threat name:
AgentTesla GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/930019
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7babdd2c7d3752b7b48729110f0ab94de7cf74c478b7e1ea7a71a468748e70c0/
Threat name:
Win32.Downloader.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2022-01-28 09:54:58 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
19 of 28 (67.86%)
Threat level:
  3/5
Verdict:
malicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
00caa54a646237cf00f305613cdd9e0e8dd8e4dcd9706bbdfc71e22f6e673683
GuLoader
39cd27e2d57db8bfedfc31413679e5c4cb27274a45c0acb98c0ad81905729ca5
GuLoader
4959de8067a62478d5192edb0c7822484ea3f75c643100b4c73b0165eadd8911
GuLoader
7768da29cc4ef93cb4790f664e139d1d8c2972e22fe8840b6b86c50e15dba347
GuLoader
c5072b4120ac9daa3dc0e000cce9e6d6e3a1ca01fed779e0b43d877a744409cd
GuLoader
c5c0fbca778f53dc085d84ad3f038e4a20bce7add5f07012594194bc3bca522a
GuLoader
fee1019ba9c5d5229717f864c5dc8e1b49150b0c4db83f4a2c9b36d51eb03025
GuLoader
+ 1'476 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220128-1qgx6sedgk/
Behaviour
Enumerates physical storage devices
Loads dropped DLL
Unpacked files
SH256 hash:
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
MD5 hash:
cff85c549d536f651d4fb8387f1976f2
SHA1 hash:
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
Link:
https://www.unpac.me/results/f0828b59-aa8a-41f5-9c01-6dc6caab4d7e/
SH256 hash:
7babdd2c7d3752b7b48729110f0ab94de7cf74c478b7e1ea7a71a468748e70c0
MD5 hash:
38034f18af511c3b04b25170735e8b8e
SHA1 hash:
797252e9139d3d46825440335437ad9d538f6b5b
Link:
https://www.unpac.me/results/f0828b59-aa8a-41f5-9c01-6dc6caab4d7e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.28
Link:
https://yomi.yoroi.company/submissions/7babdd2c7d3752b7b48729110f0ab94de7cf74c478b7e1ea7a71a468748e70c0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 7babdd2c7d3752b7b48729110f0ab94de7cf74c478b7e1ea7a71a468748e70c0

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2012482/
Cape
Cape
https://www.capesandbox.com/analysis/225635/

Comments


Avatar
zbet commented on 2022-01-28 21:50:14 UTC

url : hxxp://107.172.93.32/309/vbc.exe