MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e888d65d20a6ecc59083c7ef9236f4cf74ed8dc96a54f69989ad52d24b54681. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 9



SHA256 hash: 7e888d65d20a6ecc59083c7ef9236f4cf74ed8dc96a54f69989ad52d24b54681
SHA3-384 hash: d1cb10a2168bdec7a3d1ac97ac4d5541b9c2ac27c33ac3c642da2cf7c62a07367ad5c85906938e6aa20287642438d299
SHA1 hash: 5d62e50c3c831f88deef4a6945721917172ab544
MD5 hash: a7997ce482de4f44a8790ffbc8d6f981
humanhash: indigo-vegan-oscar-paris
File name: MV VALADON.exe
Signature: GuLoader
File size: 324'184 bytes
First seen: 2022-11-23 15:37:39 UTC
Last seen: 2022-11-23 17:36:54 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash e221f4f7d36469d53810a4b5f9fc8966 (118 x GuLoader, 28 x RemcosRAT, 21 x Formbook)
ssdeep 6144:slJZf/SvjIg4YXs99UNKfSOvPyXVxGgIidmrL29RG60umJaDUbaPZx9Yx2:slivjIBaWmKlyXVxGtiQig60uAkvx44
Threatray 67 similar samples on MalwareBazaar
TLSH T1DA641244EBC4C4E7E9274A728DB3DA2A9231F159A0B03D5F2729BA9124F37C31467D1B
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon e6e2c2c2e2c2c2e2 (1 x GuLoader)
Reporter Anonymous
Tags: exe GuLoader signed
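The hash lines above are what a responder actually uses to confirm that a file on a host is this sample. The Python below is an added example, not code from the MalwareBazaar page or from abuse.ch: it recomputes the digests the entry lists (SHA256, SHA3-384, SHA1, MD5, size and an MZ-header based MIME guess) for a local file, turns a MalwareBazaar `get_info` API response into a set of hash indicators, and reports which digests of the local file match. The embedded response JSON is constructed from this entry's values; its field names (`sha256_hash`, `sha1_hash`, `md5_hash`, `query_status`) are assumed from the abuse.ch API documentation, and the MIME guess is a simplification of what libmagic does when it reports application/x-dosexec.

```python
"""Recompute the digests MalwareBazaar lists for a sample and match a local
file against the hash indicators in an entry (added example, not abuse.ch code)."""
import hashlib
import json
from typing import Dict, Iterable, Set

HASH_KEYS = ("sha256", "sha1", "md5")
DIGESTS = ("sha256", "sha3_384", "sha1", "md5")


def _mime_guess(head: bytes) -> str:
    # libmagic reports application/x-dosexec for files that start with the
    # "MZ" DOS header; this is a simplified stand-in for that check.
    return "application/x-dosexec" if head[:2] == b"MZ" else "application/octet-stream"


def fingerprint(data: bytes) -> Dict[str, object]:
    """Digests and basic type info for an in-memory blob, as the entry lists them."""
    fp: Dict[str, object] = {k: hashlib.new(k, data).hexdigest() for k in DIGESTS}
    fp["size"] = len(data)
    fp["mime"] = _mime_guess(data)
    return fp


def fingerprint_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, object]:
    """Same as fingerprint() but streams the file so large samples fit in memory."""
    hashers = {k: hashlib.new(k) for k in DIGESTS}
    size, head = 0, b""
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            if not head:
                head = chunk[:2]
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    fp: Dict[str, object] = {k: h.hexdigest() for k, h in hashers.items()}
    fp["size"] = size
    fp["mime"] = _mime_guess(head)
    return fp


# Constructed stand-in for the JSON that a POST of query=get_info&hash=<sha256>
# to https://mb-api.abuse.ch/api/v1/ returns. Values are taken from this entry;
# the field names are an assumption based on the abuse.ch API documentation.
SAMPLE_RESPONSE = json.dumps({
    "query_status": "ok",
    "data": [{
        "sha256_hash": "7e888d65d20a6ecc59083c7ef9236f4cf74ed8dc96a54f69989ad52d24b54681",
        "sha1_hash": "5d62e50c3c831f88deef4a6945721917172ab544",
        "md5_hash": "a7997ce482de4f44a8790ffbc8d6f981",
        "file_name": "MV VALADON.exe",
        "file_size": 324184,
        "file_type_mime": "application/x-dosexec",
        "signature": "GuLoader",
        "tags": ["exe", "GuLoader", "signed"],
    }],
})


def iocs_from_mb_response(text: str) -> Set[str]:
    """Collect every file hash from a MalwareBazaar get_info response."""
    doc = json.loads(text)
    if doc.get("query_status") != "ok":
        return set()  # e.g. "hash_not_found": nothing to match against
    iocs: Set[str] = set()
    for rec in doc.get("data", []):
        for field in ("sha256_hash", "sha1_hash", "md5_hash"):
            value = rec.get(field)
            if value:
                iocs.add(value.lower())
    return iocs


def match_iocs(fp: Dict[str, object], iocs: Iterable[str]) -> Dict[str, str]:
    """Return the digests of fp that appear in iocs (empty dict means no match)."""
    wanted = {i.lower() for i in iocs}
    return {k: str(fp[k]) for k in HASH_KEYS if str(fp[k]) in wanted}


if __name__ == "__main__":
    import sys
    known = iocs_from_mb_response(SAMPLE_RESPONSE)
    for path in sys.argv[1:]:
        hit = match_iocs(fingerprint_file(path), known)
        print(path, "MATCH" if hit else "no match", hit)
```

Run it as `python3 mb_match.py <file>...` against suspect files; matching on all three digests rather than MD5 alone avoids the case where a feed carries only one hash type, and lower-casing both sides avoids misses on mixed-case indicators copied from reports.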

Code Signing Certificate

Organisation:
Issuer:
Algorithm:sha256WithRSAEncryption
Valid from:2021-12-15T22:37:47Z
Valid to:2024-12-14T22:37:47Z
Serial number: -024382873c280835
Thumbprint Algorithm:SHA256
Thumbprint: abdd5f7557e84197c72a0be64464ea268d8b8cfffea21f2f5ae788a48e883bd7
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 2
# of downloads: 308
Origin country: n/a
Vendor Threat Intelligence
Malware family:
guloader
ID:
1
File name:
MV VALADON.exe
Verdict:
Malicious activity
Analysis date:
2022-11-23 15:39:03 UTC
Tags:
guloader

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a window
Creating a file
Sending a custom TCP request
Searching for the window
Delayed reading of the file
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
overlay packed shell32.dll
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Yara detected GuLoader
Behaviour
Threat name:
Win32.Trojan.Tnega
Status:
Malicious
First seen:
2022-11-02 03:28:49 UTC
File Type:
PE (Exe)
Extracted files:
7
AV detection:
20 of 26 (76.92%)
Threat level:
5/5
Result
Malware family:
n/a
Score:
7/10
Tags:
discovery
Behaviour
Enumerates physical storage devices
Drops file in Program Files directory
Drops file in Windows directory
Checks installed software on the system
Loads dropped DLL
Unpacked files
SHA256 hash:
7fe77ca13121a113c59630a3dba0c8aaa6372e8082393274da8f8608c4ce4528
MD5 hash:
fc90dfb694d0e17b013d6f818bce41b0
SHA1 hash:
3243969886d640af3bfa442728b9f0dff9d5f5b0
SHA256 hash:
7e888d65d20a6ecc59083c7ef9236f4cf74ed8dc96a54f69989ad52d24b54681
MD5 hash:
a7997ce482de4f44a8790ffbc8d6f981
SHA1 hash:
5d62e50c3c831f88deef4a6945721917172ab544
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments