MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d2f6b5af6dee6568c8d9f58a3a618b47964bef00531f15063ed2e289d7e2abf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d2f6b5af6dee6568c8d9f58a3a618b47964bef00531f15063ed2e289d7e2abf
SHA3-384 hash: bf45cafdd489321c7f6571317cad6be03c8e2103a1201c9ddaa3e74c673fea6e21e73deb9f5c9c94e5e6a02ba671bd37
SHA1 hash: 15766bfdbd612d174ee233dce4d466880728f8f3
MD5 hash: 3421ebb45a538c5044d484703448f2a7
humanhash: asparagus-kansas-single-zebra
File name:3421ebb45a538c5044d484703448f2a7.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2021-01-21 18:31:32 UTC
Last seen:2021-01-21 21:05:33 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f0b86fcdc858848465b74699359cbeef (1 x GuLoader)
ssdeep 1536:VMmOBBPTp3C7uIaILxhhn3JbPMfIxvktHFoDZNDA87itMmO:CmAJTpSkUbaf+vktHClND7iqm
Threatray 4'673 similar samples on MalwareBazaar
TLSH 7FA3AEE1F2B5EB6ED20186352EE2BA7C484ABC305515871374C63BAE3D76740288F35B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?id=1iVfJX6RRnsOElSh7alFg7tO1HIpcIP0P&export=download

Intelligence

File Origin
# of uploads :
2
# of downloads :
266
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Invoice_Pl.xlsx
Verdict:
Malicious activity
Analysis date:
2021-01-21 10:59:24 UTC
Tags:
encrypted exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/9ba64efe-5e36-455a-addf-9e92bc4d0249

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Guloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/113379/
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaF.34780.gm0@a8zulpfb.7276.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/587660
Signature
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8d2f6b5af6dee6568c8d9f58a3a618b47964bef00531f15063ed2e289d7e2abf/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-21 14:13:20 UTC
AV detection:
10 of 29 (34.48%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ruxwwwxw33tfndent5mkhjqywr4wjpxqauy7cudd5uxcrhl6fk7q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0fcd1b468fe2159ca2ca63eaa81655f59ff8f63e3bbd6d7dd789807f7776e0bb
GuLoader
116078d29890c8b0d748b2f2709d2768f7ad9ac04688db1f44189f019f62050f
GuLoader
1fccab885b5fbfef621f85299c5c698965a415f96e1966ef278d9268cb5d921a
GuLoader
37f99fd8cd0da50db89ff0b8fa05029e283aa5ac0cb8770dd17514dbf760f744
GuLoader
688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388
GuLoader
94a32b234e3acda70a26f78a56620a6aa7cf6dc21672766e38a75211e13108aa
GuLoader
96806ca7e35fc1840e35d756d2242c494fa734a81d76ceb8586fd10ef6548f39
GuLoader
9c2e8914a4d3511eaa2f69e6ab33c9ff7d760d4ebfb761b38ed56eed8fe32ddb
GuLoader
b32598815ea88a25f6459ae8b5035d0ed9c787d8fee5f124a24543c0550d9070
GuLoader
b33804d1bcadb3c28baad638d82f7510ab66451a5a602978dfa8f629e6bdca05
GuLoader
+ 4'663 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210121-phz4nk4nc6/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
8d2f6b5af6dee6568c8d9f58a3a618b47964bef00531f15063ed2e289d7e2abf
MD5 hash:
3421ebb45a538c5044d484703448f2a7
SHA1 hash:
15766bfdbd612d174ee233dce4d466880728f8f3
Link:
https://www.unpac.me/results/536f16d0-e501-4477-897c-e5a3900f6845/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8d2f6b5af6dee6568c8d9f58a3a618b47964bef00531f15063ed2e289d7e2abf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 8d2f6b5af6dee6568c8d9f58a3a618b47964bef00531f15063ed2e289d7e2abf

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/973393/
Cape
Cape
https://www.capesandbox.com/analysis/113379/
  
URLhaus
https://urlhaus.abuse.ch/url/973372/
  
Delivery method
Distributed via web download

Comments