MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a714868cf6bea9d1a01154cc98fa33abbe75350f06cf26d31538ed0aba6a808. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8a714868cf6bea9d1a01154cc98fa33abbe75350f06cf26d31538ed0aba6a808
SHA3-384 hash: 6ba0e62ec42b2861346339ebd8c138c1a36e0e10a2430b94e8b3a642b99ebe1f072abebae7bab360fdf976c3a60ec96d
SHA1 hash: 0b5c5afd46ab950959dc1e5fda5520ddae0c51a4
MD5 hash: a60166d50572eedc2e44b327e4928324
humanhash: arizona-nitrogen-helium-monkey
File name:Documentos de envío.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:143'360 bytes
First seen:2021-08-02 14:47:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fef384fc3a66a559dff455f07d497ca0 (5 x GuLoader)
ssdeep 3072:W5CFYJr2EF82w1+AG+TeMn5+oXdFv1x9:PHEbLEzhNFv
Threatray 5'311 similar samples on MalwareBazaar
TLSH T163E37F7F98ECE121E395F8F56927E476120474CBAB0E422F5488FABCF1279911D41E3A
dhash icon d4eac8cccce8e8d4 (7 x GuLoader)
Reporter lowmal3
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
258
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Documentos de envío.exe
Verdict:
No threats detected
Analysis date:
2021-08-02 14:49:50 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2f74f458-2591-4809-a813-4ede47951b46

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a process from a recently created file
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/13925b20-9f20-46fb-a70c-09be9f1eebb0
Result
Threat name:
GuLoader AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spre.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/825579
Signature
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Executable has a suspicious name (potential lure to open the executable)
GuLoader behavior detected
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: RegAsm connects to smtp port
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8a714868cf6bea9d1a01154cc98fa33abbe75350f06cf26d31538ed0aba6a808/
Threat name:
Win32.Trojan.Mucc
Create hunting rule
Status:
Malicious
First seen:
2021-08-02 12:13:49 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rjyuq2gpnpvj2gqbcvgmtd5dhk56ou2q6bwpe3jrkohnbk5gvaea._file
Verdict:
unknown
Similar samples:
0c8b9ba8bdd9a1d91ba4d61c81480b7337e6189fb0836301d71e90fa6adec8b6
GuLoader
447a0d8244572bcab27cab7d54e43ac0cd4724073d6b9deb381c78d32a97b418
GuLoader
6744f6083b8e8c5fca03f50101223d6125db7a1aebeb9de0e87c9e67441e8a53
GuLoader
81be23ce8636c948e1ac5c966ee5c34f738f8dc20aa85acedbca48f92e1ff363
GuLoader
952c1bc7773c529d609f5eac3d5268274cec23eb495ca6ce78a866a73f96aa24
GuLoader
ae98329a85df13c2051e0090dc455032f1202eb36da3df3c17ac36f94d0b95e0
GuLoader
cb2a2537987e45c8461d40a0ec6c24215920519257134db91dd1369ff5abf342
GuLoader
d54cafc1ca36d0ddd134f53d033ebbaaa490721d62d4168106a9b6c7cfa200ba
GuLoader
ff1b034c7060724133c6df0aa8cf5411ec0e6775d3aca83a127617340a8c588a
GuLoader
+ 5'301 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210802-pk9m7277p2/
Behaviour
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Guloader,Cloudeye
Unpacked files
SH256 hash:
8a714868cf6bea9d1a01154cc98fa33abbe75350f06cf26d31538ed0aba6a808
MD5 hash:
a60166d50572eedc2e44b327e4928324
SHA1 hash:
0b5c5afd46ab950959dc1e5fda5520ddae0c51a4
Link:
https://www.unpac.me/results/228cc289-f605-4c2c-9cea-68d14b5d80b0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/8a714868cf6bea9d1a01154cc98fa33abbe75350f06cf26d31538ed0aba6a808

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 8a714868cf6bea9d1a01154cc98fa33abbe75350f06cf26d31538ed0aba6a808

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments