MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 922b6743cac4c11fded552f01d08fcde42b75b9a59d1c9ec119c0c26efab772d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 922b6743cac4c11fded552f01d08fcde42b75b9a59d1c9ec119c0c26efab772d
SHA3-384 hash: 3d22c9956c625d925ca74200cb15e40f1587311ddfba9addae7141fc79d56e77ea714e9ef5da4c3b6798bdc7b283d632
SHA1 hash: 4af8b82f2c737d45806339b4cc0d737b7b2a331c
MD5 hash: a7a94e6d58e8202ce592bba40a839db5
humanhash: fourteen-north-network-river
File name:ENQUIRE.bat.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:69'632 bytes
First seen:2021-01-14 14:26:31 UTC
Last seen:2021-02-11 21:23:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c76eec294e27c64087a2fbc36ed5fe1f (2 x GuLoader)
ssdeep 768:F8A0DarSxxxxxxxU7Bixfo3kkGLLLLP3tfIN0n3cbSWcivynZjerLs8:GfgBixVLLLLP3Q0nsTxvsZjC
Threatray 762 similar samples on MalwareBazaar
TLSH 81636A42FD09CC32CB1A08712A19F2BD48252DF02F674D13B5957F6FBA7A7496B5023A
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
42
# of downloads :
210
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ENQUIRE.bat
Verdict:
No threats detected
Analysis date:
2021-01-14 11:03:29 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9969c72b-5c13-43f7-8bb7-21cd0d254034

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111999/
Detection(s):
SecuriteInfo.com.Generic.mg.a7a94e6d58e8202c.21264.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/581356
Signature
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/922b6743cac4c11fded552f01d08fcde42b75b9a59d1c9ec119c0c26efab772d/
Threat name:
Win32.Trojan.VBCryptor
Create hunting rule
Status:
Malicious
First seen:
2021-01-14 08:00:23 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sivwoq6kytar7xwvklyb2ch43zblow42lhi4t3artqgcn35lo4wq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0be5fa11ab4c6482cccddbc8eb111026c577cdf2b28ef6ee6c16bd34415d03a1
GuLoader
1a4407fd45881091495f927612c7be23ab6de71949e4192cdc58154986d2c827
GuLoader
70bba4913ae90f045f4be502a8ccda7910f452485dc7365648e0665262cb931e
GuLoader
7ba1021aa7ca0d20da2e205ff413a3153f4f3bb444a8a2bdfc0d97d3348b84be
GuLoader
7f778b8e3a796983fed9752ce588632eaefcd06d0ddc0eb346869829a14fdd00
GuLoader
8657ccc1d28108a1b54a3daa4d72f80447da75c74c51726d5f4e9cbc14efff77
GuLoader
bfba96f9fe309c54e375e1e1e868aa2a729cbc6989c9494dc4d74628004c3dce
GuLoader
e1c6e44bb03c1cdab3844b42f46634bd578f896373e9467ca2b8d092d047eb71
GuLoader
e9bcebb30731ce1c7ecca26eb2d6a717caf06824fd834775e571d4f684f9d279
GuLoader
fc6e4e6dae2a913cbaf3d495ab6508f01660f1cd6a1b20a84105776c8f65a090
GuLoader
+ 752 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210114-newhrmllb2/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
922b6743cac4c11fded552f01d08fcde42b75b9a59d1c9ec119c0c26efab772d
MD5 hash:
a7a94e6d58e8202ce592bba40a839db5
SHA1 hash:
4af8b82f2c737d45806339b4cc0d737b7b2a331c
Link:
https://www.unpac.me/results/dcb2eb8b-0984-4933-9ab5-c49955e154c3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/922b6743cac4c11fded552f01d08fcde42b75b9a59d1c9ec119c0c26efab772d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/111999/

Comments