MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88d3b3a6564e25b63b31f4a00361384fd294f228763b3bde4e3162144971d385. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 88d3b3a6564e25b63b31f4a00361384fd294f228763b3bde4e3162144971d385
SHA3-384 hash: 1f56d4469512352ee9780284b2fa5f9252d93cac1341dfd21a69689aa4194212cd5ab64315406afb81b2f3745d4e4b92
SHA1 hash: c29f2524ae4bd239c849720b1fc6ce5c13bee93b
MD5 hash: 35a93d1f2edc044b3d8289abfeb17a43
humanhash: sierra-football-don-island
File name:Unreal.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2021-09-27 14:11:45 UTC
Last seen:2021-09-27 16:57:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1eb0aaa4f15bbd841e91215ce68e26d2 (4 x GuLoader)
ssdeep 1536:yS+Spugs2L010fBhmNDLI41mFLHvHWJbrZk5Le5O3VzM/:F5puZA01iBYNh1m1HvHwfZkRz0
Threatray 1'214 similar samples on MalwareBazaar
TLSH T101A36A34F2DBDA98F798E175D397D5F01310EC10E0689AF729D47E09FA74A6223611E8
File icon (PE):PE icon
dhash icon 78f8f2d6d4acd9d2 (12 x GuLoader)
Reporter adrian__luca
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Recibo de pago. (604 KB).msg
Verdict:
Malicious activity
Analysis date:
2021-09-27 12:08:14 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/44ffeeff-372f-4c1f-8534-181398e43468

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/192154/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ce9ac2bc-3803-4654-b6ec-29c0f73257e4
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/859048
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1369 Sample: Unreal.exe Startdate: 27/09/2021 Architecture: WINDOWS Score: 92 40 spclient.wg.spotify.com 2->40 42 prda.aadg.msidentity.com 2->42 44 2 other IPs or domains 2->44 48 Found malware configuration 2->48 50 Multi AV Scanner detection for submitted file 2->50 52 GuLoader behavior detected 2->52 54 3 other signatures 2->54 8 Unreal.exe 1 2->8         started        11 mpam-20b5c938.exe 4 2->11         started        14 wevtutil.exe 8 1 2->14         started        16 wevtutil.exe 1 2->16         started        signatures3 process4 file5 60 Writes to foreign memory regions 8->60 62 Tries to detect Any.run 8->62 64 Hides threads from debuggers 8->64 18 RegAsm.exe 13 8->18         started        22 RegAsm.exe 8->22         started        34 C:\Windows\ServiceProfiles\...\mpavdlta.vdm, PE32+ 11->34 dropped 36 C:\Windows\ServiceProfiles\...\mpasdlta.vdm, PE32+ 11->36 dropped 38 C:\Windows\ServiceProfiles\...\MpSigStub.exe, PE32+ 11->38 dropped 24 MpSigStub.exe 1 11->24         started        26 conhost.exe 14->26         started        28 conhost.exe 16->28         started        signatures6 process7 dnsIp8 46 drive.google.com 142.250.185.142, 443, 49763 GOOGLEUS United States 18->46 56 Tries to detect Any.run 18->56 58 Hides threads from debuggers 18->58 30 WerFault.exe 22 16 18->30         started        32 conhost.exe 18->32         started        signatures9 process10
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/88d3b3a6564e25b63b31f4a00361384fd294f228763b3bde4e3162144971d385/
Threat name:
Win32.Trojan.Ursu
Create hunting rule
Status:
Malicious
First seen:
2021-09-27 11:13:20 UTC
AV detection:
6 of 45 (13.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rdj3hjswjys3mozr6sqagyjyj7jjj4rioy5txxsogfrbislr2ocq._file
Verdict:
malicious
Similar samples:
0330d6ce24c120c8b37a691bebfe1fc023bda398d26942c2775c1bfb886a6f75
GuLoader
2771001533219c30ec24046a9fba6c67a665c9c48f01947e2040c65318b83f7e
GuLoader
407da066b56d8c792547a82e039b6d258eba85fe6f7b5dd3656813ca5c2870b3
GuLoader
745b09577210567e946eea915befdc93fcf38944f887be5bff76dd69caf8826a
GuLoader
79e6799e2eb9dbe27b29e3707175322014ffdfbb943c791977d592017a46ad9c
GuLoader
ab563a1e215c2ee59dd5302bfbb81398300642dac6cd86e8faad1f28c02edb9c
GuLoader
e45126e1fced974616b02a44e0a0d6c17d3788161010dd18a1429e69b5f6a947
GuLoader
+ 1'204 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210927-rhwa6ahbf8/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
88d3b3a6564e25b63b31f4a00361384fd294f228763b3bde4e3162144971d385
MD5 hash:
35a93d1f2edc044b3d8289abfeb17a43
SHA1 hash:
c29f2524ae4bd239c849720b1fc6ce5c13bee93b
Link:
https://www.unpac.me/results/69901625-23bb-4003-a945-aee5258eae25/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/88d3b3a6564e25b63b31f4a00361384fd294f228763b3bde4e3162144971d385

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 88d3b3a6564e25b63b31f4a00361384fd294f228763b3bde4e3162144971d385

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/192154/

Comments