MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 938087389b02ec5d84f851272745beb0dbd672a0515addacbf640c228ed6c710. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	938087389b02ec5d84f851272745beb0dbd672a0515addacbf640c228ed6c710
SHA3-384 hash:	2a283990fc6b6ff2b0c00887f04da93b06d26e88903c6ae7aaf6acfa762bfcf93dac7b156720576baa751e92ecf8f572
SHA1 hash:	f8ad6efc2ca14ec00802390333f79088a1c463d3
MD5 hash:	3d94570fae0d4820efbcb895c39a6215
humanhash:	mars-iowa-orange-lion
File name:	Draft Contract.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	118'784 bytes
First seen:	2021-07-05 22:14:41 UTC
Last seen:	2021-07-07 17:46:18 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	773df40b486ba5eea01d9fbfa70abb4f (6 x GuLoader)
ssdeep	1536:1yeuBMP6AIDydiwPyb3CRZABYcUpQjs+/49GeDPtETjBz1jUG9flBepNslbb9Ogy:cBG6AIciwPuSRZ4YFaz/4XDS3LBmuh2
Threatray	5'138 similar samples on MalwareBazaar
TLSH	A0C35BA3F9C96C92EED14A7016B0D4767627BD3178535E1B3203BA6E7C34943A2B061F
Reporter	Anonymous
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

3

# of downloads :

182

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

Draft Contract.exe

Verdict:

No threats detected

Analysis date:

2021-07-05 22:18:55 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e05b2916-6b0d-489f-864d-fba416370378

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/169806/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.19493.18798.UNOFFICIAL

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/909e183c-b3aa-4e6e-8bab-b6926067e91e

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/811987

Signature

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Tries to detect virtualization through RDTSC time measurements

Behaviour

Behavior Graph:

Detection:

guloader

Link:

https://mwdb.cert.pl/sample/938087389b02ec5d84f851272745beb0dbd672a0515addacbf640c228ed6c710/

Threat name:

Win32.Trojan.Graftor

Status:

Malicious

First seen:

2021-07-05 18:45:58 UTC

AV detection:

9 of 29 (31.03%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=soaiooe3alwf3bhyketsorn6wdn5m4vakfnn3lf7mqgcfdwwy4ia._file

Verdict:

suspicious

Similar samples:

14eb827b600c3f7ccf2af766d0fec868e6b0467eba9264f19b75427f95ef7cfa

182b2d026edb387534dda66711ee6f9050bc8ed871d0ebb71a96f0b18498ba24

60fe4a1f0ed577bfa8d10195a3d1123b0a7ab551d3579686ee6ac6bc18282fe5

7c38d073b77ff7afc8f65aac812316d0fa9356115f1f3e78aca9fd496d177cad

7e4bb8db363bbb2fdb438b89700166146671fca493247486d678cbff47bec727

8affd0d74b7fea47b03869e3fb44a1f76144b751503eac0d8c61c203f6a081f9

8b137dd6a6e551e04c153e201ee66fae098842c02f872897f02ff46d194cc5e3

9ad452c41af7ed761449a51cca42b89827921f70f564331a4eed7a191c37c325

c2544476ab17fd3fb816a97f08f16548a73c106cca80e1f5e185086d25a9f414

d4d22a42f8307b64ffeeaa26275000213a940c1792231db0911678d7bbb2cfb9

+ 5'128 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210705-fc2ghwzpmj/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Malware Config

C2 Extraction:

https://onedrive.live.com/download?cid=4775355831E91CD1&resid=4775355831E91CD1%215872&authkey=ACEV7QMALCe0P1w

Unpacked files

SH256 hash:

938087389b02ec5d84f851272745beb0dbd672a0515addacbf640c228ed6c710

MD5 hash:

3d94570fae0d4820efbcb895c39a6215

SHA1 hash:

f8ad6efc2ca14ec00802390333f79088a1c463d3

Link:

https://www.unpac.me/results/d4674479-6b36-4c18-8f0f-d4def169a120/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/938087389b02ec5d84f851272745beb0dbd672a0515addacbf640c228ed6c710

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

Cape

Cape

https://www.capesandbox.com/analysis/169806/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample