MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 842a028d1a0b25b4e443f3df6f4ad724b53826604d6e5963668223e44740033f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 842a028d1a0b25b4e443f3df6f4ad724b53826604d6e5963668223e44740033f
SHA3-384 hash: 1cec149727c88adf0a928607ad0d95768442410a72926d64bac3947aa6dae96a529a3c973aee3cae1239f010fac6d053
SHA1 hash: 5cc3bd27ea3b9634c09043095c52da001e986ad5
MD5 hash: 95ea943b96693d01b5301e34fc485393
humanhash: october-high-spring-blue
File name:Justificacion de pago 75. 344,70 Euro de Grupo Santander.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:241'664 bytes
First seen:2021-07-19 09:00:09 UTC
Last seen:2021-07-19 09:37:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e9f7dd0da1a2a1266893e1ae4ef42b67 (5 x GuLoader)
ssdeep 3072:q3BepJlZa/g3bgOt/Z9FzqMkE0ZAkK0GtWHJlZapGBR:giUg8OtBYEUAkF9HP
Threatray 5'197 similar samples on MalwareBazaar
TLSH T16334191E7604E81AF8A6C8B73419F12B62017C7752451E1B724CBB30D837776A8BBEC6
Reporter lowmal3
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
169
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Justificacion de pago 75. 344,70 Euro de Grupo Santander.exe
Verdict:
No threats detected
Analysis date:
2021-07-19 09:04:00 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3179bb94-a530-4ef4-8149-5a1c597406ef

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/172505/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.12185.89.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8d0d8e7f-820f-46ec-b34e-d7893d257b52
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/818150
Signature
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/842a028d1a0b25b4e443f3df6f4ad724b53826604d6e5963668223e44740033f/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qqvafdi2bms3jzcd6ppw6swxes2tqjtajvxfsy3gqir6ir2aam7q._file
Verdict:
unknown
Similar samples:
0005e5022cd608e05426c717720cab930b17de32f9afde7af7db5bff68db21ea
GuLoader
0e7ec69a6222b2753c0167997838b380acfd47834a6d1e7dd2475fd4fe07d63c
GuLoader
15145ed8e5ae3cf2acf9ad25bbcb3f782c4d8ba9674185d06baa66ae6d17f25a
GuLoader
4e16c663be416ebc214f67367811ccbfec46102cc9ecac856b91f58ff775885d
GuLoader
60201a00a9f96b8efea761e31e3483a7a5bfd04ad66f766b3dd7b24e00664069
GuLoader
6f47b4825836d58654b05deac55c892825a83e479c406b9b027a0dc6bd8e3938
GuLoader
987dc74919f44878a84a0f55e4edb62da489c9423dc048bab596f16dfac56942
GuLoader
c62acb5894988284f4effb5bd8ece3701c9fe7854d865bb75f2eb447556d9c8f
GuLoader
cf6542bb87d706ab7d6fd3f7fa0a2594d3b0ed8a9d15b481252d0c405ecd36ef
GuLoader
e1e293cbd9c3deeabfdea61324e45217067414499d34ab8c6add548bb8c926ec
GuLoader
+ 5'187 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210719-dhtpbyxsve/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
842a028d1a0b25b4e443f3df6f4ad724b53826604d6e5963668223e44740033f
MD5 hash:
95ea943b96693d01b5301e34fc485393
SHA1 hash:
5cc3bd27ea3b9634c09043095c52da001e986ad5
Link:
https://www.unpac.me/results/bacd3c66-b479-482e-a70f-1e1057c75aa1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/842a028d1a0b25b4e443f3df6f4ad724b53826604d6e5963668223e44740033f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:adonunix2
Create hunting rule
Author:Tim Brown @timb_machine
Description:AD on UNIX

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 842a028d1a0b25b4e443f3df6f4ad724b53826604d6e5963668223e44740033f

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/172505/

Comments