MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99c1a96121410c61014d0115983f43fad64acc77d21914a9fb9e3c6ba262627a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99c1a96121410c61014d0115983f43fad64acc77d21914a9fb9e3c6ba262627a
SHA3-384 hash: db747cc997591b57db8690a4d45836482302fea3ae3cde239f94d9d831227727437cbbb45169018696d2f852cd88f229
SHA1 hash: d70b73a10e45d9569da0dc44f99d49b7cb886959
MD5 hash: 326f29a347549e64c9510a1e0bd6d043
humanhash: nitrogen-fish-fruit-vegan
File name:justificante de la transfer.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:126'976 bytes
First seen:2021-09-29 11:10:23 UTC
Last seen:2021-09-29 12:52:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 71d5a9f33de2f7c250bf122de57cb463 (2 x GuLoader)
ssdeep 1536:8h0ZHEAZsxq4zf8JoJ5pn2dUAh8R+4ZMLoflfjxQ8dUw7K1LjP9L:8hYSxJJ5F2dzh8QmM0flfFQ8dUwyLz9
Threatray 5'563 similar samples on MalwareBazaar
TLSH T193C3F64795356D2BC4B3BAFBD705826E210D38E716D0494616C4BB1BAE27CBB38A3D06
File icon (PE):PE icon
dhash icon 1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter pr0xylife
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
116
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
justificante de la transfer.exe
Verdict:
No threats detected
Analysis date:
2021-09-29 19:50:20 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/543cfd3d-1632-421d-954a-ab70790ddf44

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/193108/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.25546.28962.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0497c14d-0061-47fa-8669-241df6d5b552
Result
Threat name:
AgentTesla GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/860960
Signature
Antivirus / Scanner detection for submitted sample
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Found malware configuration
Hides threads from debuggers
Installs a global keyboard hook
Multi AV Scanner detection for submitted file
Potential malicious icon found
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Yara detected AgentTesla
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/99c1a96121410c61014d0115983f43fad64acc77d21914a9fb9e3c6ba262627a/
Threat name:
Win32.Trojan.VBObfuse
Create hunting rule
Status:
Malicious
First seen:
2021-09-29 11:11:03 UTC
AV detection:
19 of 27 (70.37%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tha2syjbieggcaknaekzqp2d7llevtdx2imrjkp3ty6gxitcmj5a._file
Verdict:
malicious
Similar samples:
25b1b9c09860911a5e932106bda457849099223f19ee11fca9076c47bb837a67
GuLoader
2c2b9e423c5ae9ef99565d76a6d7d4b6d5e394f523539b447a633c803e9372a3
GuLoader
41ab72f9ce1e64f569029d8b3f8c2fdf680fb75113b8d7451bc8d988cd5f6bd2
GuLoader
548aefb935e11a84133bd8b3d367d988b9ad2e3bde7f4c0fffcf6a94b529be72
GuLoader
576c45faf084a4f7d282e460ee207cd9a6dc269444701ee211f9aeb7879efc35
GuLoader
73b83d70f24909aea7920a86029b43198979d7e31ab768619371e12fc7399f93
GuLoader
8179d2c371934e7f748fdf033d96a3b527158348e87ec21f1576136ede5d2d17
GuLoader
d6857aa5fd52de7b5f61da1d7556c2aa04ca9040fbd399ab797b927fc06aef12
GuLoader
f5502d660f4b1f1110b7ba4fd0eab36ec5b44ff97c12b146a48ff8e38efa4745
GuLoader
+ 5'553 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210929-m99kmseggq/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
99c1a96121410c61014d0115983f43fad64acc77d21914a9fb9e3c6ba262627a
MD5 hash:
326f29a347549e64c9510a1e0bd6d043
SHA1 hash:
d70b73a10e45d9569da0dc44f99d49b7cb886959
Link:
https://www.unpac.me/results/c27ceb58-5aab-4db1-866a-8e55e578727d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
GuLoader
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/99c1a96121410c61014d0115983f43fad64acc77d21914a9fb9e3c6ba262627a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/193108/

Comments