MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8731774a17b8d40b743f7fd6ff83d45ca5890f8e1371be8a0755186f2fc3cda0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	8731774a17b8d40b743f7fd6ff83d45ca5890f8e1371be8a0755186f2fc3cda0
SHA3-384 hash:	b5fdce5f4c5bd650e55934e643f1f43b8b799881fc8e9984a86dee7ab7f515e741787038dc41a24f63ad38fe635f0106
SHA1 hash:	625a54099c9d9f14fcc67c72100adc1f39657c6a
MD5 hash:	70a39d2fbd4bb41eede4e41d43a413f2
humanhash:	xray-black-xray-one
File name:	STS-QP-18-01-D.doc.exe
Download:	download sample
Signature	GuLoader Alert Create hunting rule
File size:	389'803 bytes
First seen:	2023-07-03 09:50:09 UTC
Last seen:	2023-07-10 10:09:41 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	b34f154ec913d2d2c435cbd644e91687 (526 x GuLoader, 110 x RemcosRAT, 80 x EpsilonStealer)
ssdeep	6144:wQ606xcAw6PRmsv4VFv/JT5WC5kmlGKYSSXhkf7B2F0s:IRdv4HHXPnYSS0a
Threatray	948 similar samples on MalwareBazaar
TLSH	T1E384DF01F385D65FF67F1A71D8A3E2BD67B058242E075B033390766DB872E819B06AD1
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	0070e2c266ca64a0 (1 x GuLoader)
Reporter	adrian__luca
Tags:	exe GuLoader

Intelligence

---

File Origin

# of uploads :

3

# of downloads :

267

Origin country :

HU

Vendor Threat Intelligence

ANY.RUN Suspicious

Malware family:

n/a

ID:

1

File name:

STS-QP-18-01-D.doc.exe

Verdict:

Suspicious activity

Analysis date:

2023-07-03 09:53:57 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/2fd9736f-8a5c-4613-8748-8d864b102e54

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox Guloader

Detection:

Guloader

Alert

Create hunting rule

Link:

https://www.capesandbox.com/analysis/405848/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.67874356.6624.19493.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Clean

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Creating a file

Delayed reading of the file

Creating a file in the %temp% subdirectories

Sending a custom TCP request

Certego Dragonfly Suspicious

Result

Malware family:

n/a

Score:

  5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/95254/overview

Behaviour

MalwareBazaar

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

control lolbin masquerade overlay packed shell32

Link:

https://www.filescan.io/uploads/64a29a0b2299d26882645552/reports/29331046-fc98-4be4-b278-049d19c3bdae/overview

Hybrid Analysis Trojan.Generic

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/8731774a17b8d40b743f7fd6ff83d45ca5890f8e1371be8a0755186f2fc3cda0

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Unknown

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/543ad831-068c-4006-a9d4-82b06d691b37

Joe Sandbox GuLoader

Result

Threat name:

GuLoader

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1265726

Signature

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses an obfuscated file name to hide its real file extension (double extension)

Yara detected GuLoader

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8731774a17b8d40b743f7fd6ff83d45ca5890f8e1371be8a0755186f2fc3cda0/

ReversingLabs TitaniumCloud Win32.Trojan.Guloader

Threat name:

Win32.Trojan.Guloader

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-07-03 09:51:08 UTC

File Type:

PE (Exe)

Extracted files:

5

AV detection:

14 of 24 (58.33%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=q4yxosqxxdkaw5b7p7lp7a6ulssysd4ocny35cqhkumg6l6dzwqa._file

Threatray cloudeye

Verdict:

malicious

Label(s):

cloudeye

Alert

Create hunting rule

Similar samples:

1cc4fab54263dfa842c80a72b78a9c223894264b9b4f25263d8fdc2f69def8a1

GuLoader

2ac28f2913c6e2d231d0b67b49a3491f4046221a42ca349f586e0532ac257575

GuLoader

4d6ae0a40fcc30fab170c3e70dd5076253ddf9fa6ec0886d39cffbd9df99ae52

GuLoader

7382318f5904040997bf14967bce3df6b323bf03901976df75a9b0e822dc5db8

GuLoader

933722fac65bb4de9beeab946469fb6ba42c187a2ada644f781098320b6770b4

GuLoader

d434a9f3609e63a13feafd0bc3bf29abac38d194b72220d9e51054abdaf84826

GuLoader

e4b6f95557a2356d046da60a1ca4e52d302618108fae774b8128ffc0586366e0

GuLoader

e54d5060f522ac4aae58c95d299bff21e5e6e014c941cd0a9e88485ea29e4ebc

GuLoader

eb66ae0428282ee90ca78a2f0d37e322cc682bd9dccb9c7e50bf53da117fd0a4

GuLoader

+ 938 additional samples on MalwareBazaar

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  7/10

Tags:

discovery

Link:

https://tria.ge/reports/230703-lvh9gafh69/

Behaviour

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Drops file in Program Files directory

Drops file in Windows directory

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Checks installed software on the system

Checks QEMU agent file

Loads dropped DLL

UnpacMe 2

Unpacked files

SH256 hash:

f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37

MD5 hash:

8b3830b9dbf87f84ddd3b26645fed3a0

SHA1 hash:

223bef1f19e644a610a0877d01eadc9e28299509

Link:

https://www.unpac.me/results/d2c8f8fa-89a8-4eb4-9c7b-7ef62a00b4a5/

SH256 hash:

8731774a17b8d40b743f7fd6ff83d45ca5890f8e1371be8a0755186f2fc3cda0

MD5 hash:

70a39d2fbd4bb41eede4e41d43a413f2

SHA1 hash:

625a54099c9d9f14fcc67c72100adc1f39657c6a

Link:

https://www.unpac.me/results/d2c8f8fa-89a8-4eb4-9c7b-7ef62a00b4a5/

VMRay GuLoader

Malware family:

GuLoader

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/8731774a17b8/report/overview.html

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

exe 8731774a17b8d40b743f7fd6ff83d45ca5890f8e1371be8a0755186f2fc3cda0

(this sample)

  

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/405848/