MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8448b9b28eef1e7564e3f16ebe1067e56d5e2c4d9f2f76edd8c2d72b62a3f049. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8448b9b28eef1e7564e3f16ebe1067e56d5e2c4d9f2f76edd8c2d72b62a3f049
SHA3-384 hash: a19e78230622b38d31540936f331b15785a368e6ab1845fa2940384ba33f54c75f230572ec2eabd18447a8192e953aa0
SHA1 hash: c2422d3ae0e22a0af423e50e0acf4299b1cb2645
MD5 hash: 775632e90c7efbdf87f1e2eba502461c
humanhash: sodium-don-lima-north
File name:775632e90c7efbdf87f1e2eba502461c
Download: download sample
Signature GuLoader
Create hunting rule
File size:118'784 bytes
First seen:2021-07-07 07:07:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 773df40b486ba5eea01d9fbfa70abb4f (6 x GuLoader)
ssdeep 3072:yGFqrsiwQDLTgOHwWVr5CEmZGD6q30UpAdz:ywrO/MZGDznp
Threatray 368 similar samples on MalwareBazaar
TLSH 6AC35B63F6E56C61EFE14B702572D835752BBC31B8939D5A3302BAADB83051362B061F
Reporter zbetcheckin
Tags:32 exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
266
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
775632e90c7efbdf87f1e2eba502461c
Verdict:
No threats detected
Analysis date:
2021-07-07 07:08:01 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/31df4b3d-0865-47d1-96b0-a1a4a709051d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/170132/
Detection(s):
SecuriteInfo.com.Variant.Graftor.974196.26900.21035.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/aa093bc5-432f-4268-8c40-4ec9fdad1fd9
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/812729
Signature
C2 URLs / IPs found in malware configuration
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/8448b9b28eef1e7564e3f16ebe1067e56d5e2c4d9f2f76edd8c2d72b62a3f049/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2021-07-07 07:07:14 UTC
AV detection:
12 of 46 (26.09%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qreltmuo54phkzhd6fxl4edh4vwv4lcnt4xxn3oyyllswyvd6beq._file
Verdict:
unknown
Similar samples:
04e561913818e236846b11ce9dc11e40ca04e86e55c1ec314d1aedd2435b221b
GuLoader
1fc65a967ab063e5d58e0358b81f9eca048b47013f1e2b1383d8f028b114cffd
GuLoader
7c808fef514fbb79de397a7c84bd1a2763b3b476c821d7c6f7d05b64501c900f
GuLoader
8b137dd6a6e551e04c153e201ee66fae098842c02f872897f02ff46d194cc5e3
GuLoader
938087389b02ec5d84f851272745beb0dbd672a0515addacbf640c228ed6c710
GuLoader
94f4ae590ee86d414202b7e94ee0902170e6342546a14b4f6156a7f7ea8937f5
GuLoader
97c784403f83adbd7a4b8142c3e69e9acba2898d7293063a07b58ea35dff7b39
GuLoader
a7ebbd6144983988399b8f4e24e169d9c6797f5c573f8ebfc9146d913507fb13
GuLoader
c0fb3989dccc0e8aa3c3b0e95a8b6cc3982c41c80930998efc1ac26613b0153e
GuLoader
f8e52fa75724eb08c0ec68db6799740ad36c7178b8f0dd7c8b0ee755ff60c653
GuLoader
+ 358 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210707-cl381m8kwe/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
http://farmersschool.ge/bin_xYtXMewT242.bin
https://www.zvetmet.ru/media/media/bin_xYtXMewT242.bin
Unpacked files
SH256 hash:
8448b9b28eef1e7564e3f16ebe1067e56d5e2c4d9f2f76edd8c2d72b62a3f049
MD5 hash:
775632e90c7efbdf87f1e2eba502461c
SHA1 hash:
c2422d3ae0e22a0af423e50e0acf4299b1cb2645
Link:
https://www.unpac.me/results/4e444963-bd16-4cf6-933e-97cfa165ff35/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8448b9b28eef1e7564e3f16ebe1067e56d5e2c4d9f2f76edd8c2d72b62a3f049

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 8448b9b28eef1e7564e3f16ebe1067e56d5e2c4d9f2f76edd8c2d72b62a3f049

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1432703/
Cape
Cape
https://www.capesandbox.com/analysis/170132/

Comments


Avatar
zbet commented on 2021-07-07 07:07:06 UTC

url : hxxp://180.214.239.39/mssn/.svchost.exe