MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9435308eb1024c0e11753dc2412b9243af69d7388817e3aebc59a4a58f2ec372. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 8

SHA256 hash: 9435308eb1024c0e11753dc2412b9243af69d7388817e3aebc59a4a58f2ec372
SHA3-384 hash: 354909c29c1562d11e5c5c95fc316aae959902bd7d192242ce8a9384a38b21d7dd438bfb2973b188f28c46240601af23
SHA1 hash: 75b47964426a5e8fcc7bb14ddf2bab380e59eb7c
MD5 hash: c2600528c452e288a545c35659f9ce6f
humanhash: video-cardinal-xray-white
File name: c2600528c452e288a545c35659f9ce6f
Signature: GuLoader
File size: 110'592 bytes
First seen: 2021-07-08 08:35:46 UTC
Last seen: 2021-07-08 09:46:54 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f6e083d868a135a07d80f02d2a01fccd (4 x GuLoader)
ssdeep: 1536:W4xltu7uRhWixtTTwc83azy+OKjy5ClRZsGBVhR:D6uHxtQclzXJeClfsGD
Threatray: 1'637 similar samples on MalwareBazaar
TLSH: T177B34A4BB3D09DE6FCE10A391C31C1A11923FC3178879F1776C63A5EBC786217AA9A11
Reporter: zbetcheckin
Tags: 32 exe GuLoader

Intelligence

File Origin
# of uploads: 2
# of downloads: 170
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: ISO certificate.js
Verdict: Malicious activity
Analysis date: 2021-07-08 06:42:14 UTC
Tags: trojan loader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature:
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Creates autostart registry keys with suspicious values (likely registry only malware)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Installs a global keyboard hook
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Uses dynamic DNS services
Result
Malware family: guloader
Score: 10/10
Tags: family:guloader downloader
Behaviour:
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction: https://onedrive.live.com/download?cid=D416D1B64F12090C&resid=D416D1B64F12090C%21116&authkey=ACchnlCZXoMgc20
Unpacked files
SHA256 hash: 9435308eb1024c0e11753dc2412b9243af69d7388817e3aebc59a4a58f2ec372
MD5 hash: c2600528c452e288a545c35659f9ce6f
SHA1 hash: 75b47964426a5e8fcc7bb14ddf2bab380e59eb7c
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  GuLoader
    Executable exe 9435308eb1024c0e11753dc2412b9243af69d7388817e3aebc59a4a58f2ec372 (this sample)

Delivery method: Distributed via web download

Comments

zbet commented on 2021-07-08 08:35:48 UTC

url : hxxp://2.56.59.76/efryses.jpg