MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8bd2088df673c9e9ee6227a521bcadce468a7e9e0b6a7f6a462c20fc19a3d4bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8bd2088df673c9e9ee6227a521bcadce468a7e9e0b6a7f6a462c20fc19a3d4bd
SHA3-384 hash: 047dac11c4bb955480bf383268d561acccf0f2ce73670561bb0e093975baf030577b906eb3ce1347298b1d9dcd24ddde
SHA1 hash: 56355a6b0a7bf72f385eb2688cefdbe63ccfcbdc
MD5 hash: 36e56ca33226a58d835192481dc3ef32
humanhash: lima-virginia-hamper-ink
File name:FACTURA.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:139'264 bytes
First seen:2021-10-07 10:52:18 UTC
Last seen:2021-10-08 06:20:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d0ac0bdf3a5152bcac064d77eed21690 (9 x GuLoader, 1 x Gozi)
ssdeep 3072:tjQs3oCH/xTWvPg1lga2dRsqkaMUCMK9TLIzh/jrVB:tUS5/Ig7n2dDxLrVB
Threatray 759 similar samples on MalwareBazaar
TLSH T167D317D1BA8D8536C402E07E2F3FD4ABBB1D3C3305512983724E2B89D7722EA69B1355
File icon (PE):PE icon
dhash icon 00e0d282d2d200c2 (9 x GuLoader, 1 x Gozi)
Reporter GovCERT_CH
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
188
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
FACTURA.exe
Verdict:
No threats detected
Analysis date:
2021-10-07 10:53:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6622c068-d9d1-4f3c-baf2-ef8269051fb8

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/195812/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.27049.22167.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/615ed18fb95458900cde0ca6/reports/706aa043-19da-4167-8b72-8a88f07968a0/overview
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4e855f55-fd60-47f4-ac64-ba1d7afdaa03
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/866285
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8bd2088df673c9e9ee6227a521bcadce468a7e9e0b6a7f6a462c20fc19a3d4bd/
Threat name:
Win32.Trojan.Mucc
Create hunting rule
Status:
Malicious
First seen:
2021-10-07 10:53:07 UTC
AV detection:
15 of 27 (55.56%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rpjardpwope6t3tce6ssdpfnzzdiu7u6bnvh62sgfqqpygnd2s6q._file
Verdict:
unknown
Similar samples:
0557d7be3d3d7b353dd4339e660c177cba1421c61eb8f5ddbd5c66053ea02874
GuLoader
1bff56f04d07e60d4e7b628c6942a9b1476c4d9ad5c20cc97d8330b7cb7fa864
GuLoader
25b1b9c09860911a5e932106bda457849099223f19ee11fca9076c47bb837a67
GuLoader
99c1a96121410c61014d0115983f43fad64acc77d21914a9fb9e3c6ba262627a
GuLoader
9c81bbf1bc2ab2eaac0c64e9b2477fc275fcbcec4f9e93664f7f754a6a73f11b
GuLoader
a73af68af80e885c118c828cc782e158a28ad61a2229f737288222a877c51291
GuLoader
b54efef8396314c1f95d540ce7d0ca79f9c8c98e431c6dd177ecf037167957de
GuLoader
b7949bfaf6abe4941e0e398499e8e4b020cdc6208d9fe40bcff9a02ed9367eff
GuLoader
b7ba8526dce23b4703eabd0b544b17efb4391943be96df96a76cf0434134a85b
GuLoader
e29eaf2eb064b7413755e438997bd51160816249665ba44aab2ed9b276dbfd39
GuLoader
+ 749 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/211007-myyzrsccb4/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
8bd2088df673c9e9ee6227a521bcadce468a7e9e0b6a7f6a462c20fc19a3d4bd
MD5 hash:
36e56ca33226a58d835192481dc3ef32
SHA1 hash:
56355a6b0a7bf72f385eb2688cefdbe63ccfcbdc
Link:
https://www.unpac.me/results/f65b56e3-930f-47f0-ad7e-366fb9c247f9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8bd2088df673c9e9ee6227a521bcadce468a7e9e0b6a7f6a462c20fc19a3d4bd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 8bd2088df673c9e9ee6227a521bcadce468a7e9e0b6a7f6a462c20fc19a3d4bd

(this sample)

  
Dropped by
guloader
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/195812/

Comments