MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84dbd0307393393c010f6fe5a29e57aa81e1a9d31f30cf9f6f31f185b0d1ee96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 84dbd0307393393c010f6fe5a29e57aa81e1a9d31f30cf9f6f31f185b0d1ee96
SHA3-384 hash: b24aba0addab70fa118d250529ceb4bcb98c5426df7819b57416b724700c72d7b99636b1f2c35a0c3d12fbac439394e7
SHA1 hash: 4ab1ff5eabff229165ba7db3ee7077651b4f83e7
MD5 hash: 329d59b5a8edf7cb98c65f5c67f031d8
humanhash: harry-finch-ink-diet
File name:329d59b5a8edf7cb98c65f5c67f031d8
Download: download sample
Signature GuLoader
Create hunting rule
File size:159'744 bytes
First seen:2021-07-08 17:01:14 UTC
Last seen:2021-07-08 18:46:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 872b47fc56f8007e7a5f75ea140af73b (2 x GuLoader)
ssdeep 1536:RoXpDsj5zqV4iuNWlogGagChgf7zH13wfkE/i7a9TmYFwo6jjuI+UNw:ipJV4iuNwSLChWH2Ni7a9T03u2N
Threatray 73 similar samples on MalwareBazaar
TLSH T14FF308E13299B03DE67B40B02335A22466ED6C317701B056DFC6E25F357B602ABB9937
Reporter zbetcheckin
Tags:32 exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
201
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/170524/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.12707.20978.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d0172bcd-a263-4da2-a59b-4092617ceae7
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/813647
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/84dbd0307393393c010f6fe5a29e57aa81e1a9d31f30cf9f6f31f185b0d1ee96/
Threat name:
Win32.Backdoor.GenericML
Create hunting rule
Status:
Malicious
First seen:
2021-07-08 17:02:06 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
5 of 28 (17.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qtn5amdtsm4tyaipn7s2fhsxvka6dkotd4ym7h3pghyylmgr52la._file
Verdict:
unknown
Similar samples:
10fb1047794d9a933f644978c5bfe1eb5dd2d66b87489823f69ca414d2688537
GuLoader
12e42bff4fa377032623342ac1f23a5c87225a40ef8b900cbb06ae4bd203864d
GuLoader
3dd1a3c527b49134a0241485d8df32b7eb625dd68f52bcc6597002956d6b70d4
GuLoader
5262760b5075df8ba6480155393b2d77774679302c803e6e05ff36fca2e36160
GuLoader
53180a35165cd2b407bee274b9872b94f849e73c7b42dbd9370eecf0f4cc00e8
GuLoader
67aa5b86db90b286266d57324824825453a9db72b15414ee064dbf01085d00b4
GuLoader
8560db7181c690430d6f38f8b3675e881dcba44904fac74f15a0df136dfa8251
GuLoader
adea37317bf08b2dbb86164c609b0ee2eec3ccd6ef0e82c1c46d8447623e5899
GuLoader
d6614b7f6807551a065bcb9cc99a6335a2e6f2c2e124363d898b52aa53c3d247
GuLoader
eaf38de6ac4347ac84bcbe648301fedfe021aeafbc3bf40404a4003117a8967a
GuLoader
+ 63 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210708-tyrt5ky85e/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://drive.google.com/uc?export=download&id=1K3Lip-xPNH1vgPtUkUIRcsaIqcD6BHqT
Unpacked files
SH256 hash:
84dbd0307393393c010f6fe5a29e57aa81e1a9d31f30cf9f6f31f185b0d1ee96
MD5 hash:
329d59b5a8edf7cb98c65f5c67f031d8
SHA1 hash:
4ab1ff5eabff229165ba7db3ee7077651b4f83e7
Link:
https://www.unpac.me/results/76998f63-07eb-4432-8456-744de6e7c2c2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/84dbd0307393393c010f6fe5a29e57aa81e1a9d31f30cf9f6f31f185b0d1ee96

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 84dbd0307393393c010f6fe5a29e57aa81e1a9d31f30cf9f6f31f185b0d1ee96

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1436566/
Cape
Cape
https://www.capesandbox.com/analysis/170524/
  
URLhaus
https://urlhaus.abuse.ch/url/1436656/

Comments


Avatar
zbet commented on 2021-07-08 17:01:14 UTC

url : hxxp://198.12.91.134/html/vbc.exe