MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c328b51dbd9e7fb96ca2ed21358fd5112c809f9666f9287b55927302c7ac1ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c328b51dbd9e7fb96ca2ed21358fd5112c809f9666f9287b55927302c7ac1ea
SHA3-384 hash: adb2ebf04b5cd0eb2352d3b454c0caa4895b4f52e2685829bf0fb749bd7e444720187cbfe28bfd17da392c6233d63127
SHA1 hash: 5e48dfb313f300b4d460e73bd25b324b88da0df7
MD5 hash: 754d599f8cdeb37d1f3f61764669d799
humanhash: mike-five-early-massachusetts
File name:RFQ#89234A_2021_LISTED_ITEMS_DUC_PHUCS_IMPORT_EXPORT_CO.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2021-01-13 20:12:22 UTC
Last seen:2021-01-13 21:59:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f08e2fa188bfdb85d74117a6c20b7544 (14 x GuLoader)
ssdeep 768:ETpAbB+koysOiKEQWvc+ddsx/RRr4mtXbt2+:ETpTTyLizJtdOZbDX
Threatray 635 similar samples on MalwareBazaar
TLSH 5483E6C07F35EDD6F97DEA323B2DD694C69F3092EB084A51F4759B1829223C1296930E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://onedrive.live.com/download?cid=A951308400164DD4&resid=A951308400164DD4%21108&authkey=AFxQw_r-jz-G0tA

Intelligence

File Origin
# of uploads :
2
# of downloads :
212
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
RFQ#89234A_2021_LISTED_ITEMS_DUC_PHUCS_IMPORT_EXPORT_CO.exe
Verdict:
No threats detected
Analysis date:
2021-01-14 05:29:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/85b8c4a1-afe8-4c51-a93b-585ca7608eb7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111850/
Detection(s):
SecuriteInfo.com.Heur.PonyStealer.fm0@T4jtnffi.13583.27706.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/580664
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c328b51dbd9e7fb96ca2ed21358fd5112c809f9666f9287b55927302c7ac1ea/
Threat name:
Win32.Infostealer.PonyStealer
Create hunting rule
Status:
Malicious
First seen:
2021-01-13 20:13:12 UTC
AV detection:
9 of 45 (20.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pqziwuo33ht7xfwkf3jbgwh5kejmqcpzmzxzfb5vlettald2yhva._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0f865ea5da07ebc805df7ea205e25e14271b0a475b278846c33f3733c4723a7e
GuLoader
11124347d4a19a4f709bb4ebb2f9c12873f4f079ef3d5e60e18fa9a975302c70
GuLoader
1c9344d3993bafbe60739644d0fae336276c4ffd835da89d44b58ef4d744eee0
GuLoader
5ec2198d8ee3d15c25b0868d397eccb0b1b9b4c75594b64906f8251160bd07a1
GuLoader
8780cfbde0db4996b68e320d9d2576f39a2d7f99a8ed60ba0c4e543f17801bd9
GuLoader
9ebbeaf380d12e97972f57de2e052f1e043370d0be0bcd0deb3ebc5334cc68a2
GuLoader
bfa0df21f2c8983588332f6ddca6206583188be49d3b8071e71d36ad8fd0b2c6
GuLoader
cd64991b42d0da07fa0c29055f701d4ea75669ccecdafb6f6ff69ea4f81ba76e
GuLoader
f573cf3eed6dc5635fd82f657a0912c151e2762188e71d161bf173bd40abaa3d
GuLoader
f5ba84be536fb699181da95313618672a534c31009346ce21f3b116aaaa34b70
GuLoader
+ 625 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210113-z56z5fzgve/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
7c328b51dbd9e7fb96ca2ed21358fd5112c809f9666f9287b55927302c7ac1ea
MD5 hash:
754d599f8cdeb37d1f3f61764669d799
SHA1 hash:
5e48dfb313f300b4d460e73bd25b324b88da0df7
Link:
https://www.unpac.me/results/ecc41d52-61bf-4efd-a0f1-3c8ab6b267de/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/7c328b51dbd9e7fb96ca2ed21358fd5112c809f9666f9287b55927302c7ac1ea

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 7c328b51dbd9e7fb96ca2ed21358fd5112c809f9666f9287b55927302c7ac1ea

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/958864/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/111850/

Comments