MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c0a44319ba7a567058b139432f5a549f937d2c9e499006744beffc927c8ce6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c0a44319ba7a567058b139432f5a549f937d2c9e499006744beffc927c8ce6a
SHA3-384 hash: 9e0a667b749aca63301b840b4d8c1a925d123321076e70f3cd3c0c6424b0f686592b5c298c6d74dda481125c83697f88
SHA1 hash: 671b67c0b1b9ecd770297f872aafd76dec5df5a7
MD5 hash: 9170f26f689ad9b18ca8363031a490cc
humanhash: yellow-carpet-south-may
File name:CERERE URGENTA DE COTARE PENTRU PRODUSELE DVS.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:140'312 bytes
First seen:2021-08-23 07:06:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dd3a3334209d6b1494aa752cb5ad8a77 (1 x GuLoader)
ssdeep 1536:h3DyjIOeetL7EhTkPjGHn62TTcUS0ulEoB/f3T9lx/6r43jmxTgWUXdLdN:12aoL7mQjGHn6QYVRB/hv/ukmuWedLdN
Threatray 5'267 similar samples on MalwareBazaar
TLSH T1E2D38EF265D3CD42E711C472433247941EFEE8601833CA6B92CDDE4D4A77A81986FEA6
dhash icon 9386c6f232a6d2ac (2 x GuLoader)
Reporter lowmal3
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
188
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
CERERE URGENTA DE COTARE PENTRU PRODUSELE DVS.gz
Verdict:
No threats detected
Analysis date:
2021-08-19 12:40:07 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c593198f-6fc7-4321-8c4b-595f716c829a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/181404/
Detection(s):
Win.Malware.Generic-9887177-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/01b17f51-00fb-4303-a76f-5f2aa50d62a6
Result
Threat name:
GuLoader Lokibot
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/837354
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected GuLoader
Yara detected Lokibot
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c0a44319ba7a567058b139432f5a549f937d2c9e499006744beffc927c8ce6a/
Threat name:
Win32.Trojan.Mucc
Create hunting rule
Status:
Malicious
First seen:
2021-08-19 09:00:14 UTC
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pqfeimm3u6swobmlcokdf5nfjh4tpuwj4smqaz2ex374sj6izzva._file
Verdict:
unknown
Similar samples:
447a0d8244572bcab27cab7d54e43ac0cd4724073d6b9deb381c78d32a97b418
GuLoader
552db26bdd2347a216bb88e706ebf2bc9a145c8a5d38d082c53dcdd2f344c162
GuLoader
55703ed5643143dc84f5c746c712a56e46c8c6cdb18456eaf46e6c6f085d92b7
GuLoader
71756ea23acdd988833bafc579a81eb54341f13f6657fed3aedce37a4d9606ea
GuLoader
7c113db245bdcc7da302e5c36e7c340e8467dc91cb9576a3ffb479575ad21b71
GuLoader
952c1bc7773c529d609f5eac3d5268274cec23eb495ca6ce78a866a73f96aa24
GuLoader
d54cafc1ca36d0ddd134f53d033ebbaaa490721d62d4168106a9b6c7cfa200ba
GuLoader
ff1b034c7060724133c6df0aa8cf5411ec0e6775d3aca83a127617340a8c588a
GuLoader
+ 5'257 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210823-yf7h1padtn/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
7c0a44319ba7a567058b139432f5a549f937d2c9e499006744beffc927c8ce6a
MD5 hash:
9170f26f689ad9b18ca8363031a490cc
SHA1 hash:
671b67c0b1b9ecd770297f872aafd76dec5df5a7
Link:
https://www.unpac.me/results/07322dce-fe59-41e3-904e-8821a5c2864d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7c0a44319ba7a567058b139432f5a549f937d2c9e499006744beffc927c8ce6a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 7c0a44319ba7a567058b139432f5a549f937d2c9e499006744beffc927c8ce6a

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/181404/

Comments