MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e313db794797641d0c55ff15c1f663e13893bb443bb84e0dd212f8a7aeca598. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9e313db794797641d0c55ff15c1f663e13893bb443bb84e0dd212f8a7aeca598
SHA3-384 hash: 770632ecea694482ada290ac64c24ecb69125693cc8f7f79691f3ad3ece6319d62e8654fc2a5a3aafbb59b811e585a45
SHA1 hash: 24fda0a361ddb3bac961c84f4b55a532bc2061c6
MD5 hash: 11c73e45f8dbbb9aa1162c044e83a8b8
humanhash: zulu-nuts-michigan-west
File name:PO-19052021.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:151'552 bytes
First seen:2021-05-20 06:36:18 UTC
Last seen:2021-05-20 07:07:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d00a665e648973e6c95b0b17a393439c (2 x GuLoader)
ssdeep 3072:H+I17RaHyfgmsowqOuAn49JL9eIjsrqolIzPY+2UWnlM/cY/lmToQSbUMxNX:Hb7RaHyfgmsownuA4fpeIjsrqolIzPYW
Threatray 1'749 similar samples on MalwareBazaar
TLSH C0E35C0AB2708627F161C072C43BD3BD12E67C346C4A8E0BB7567FAF79B26930999157
Reporter lowmal3
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
160
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PO-19052021.exe
Verdict:
No threats detected
Analysis date:
2021-05-20 06:41:36 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fc2d8465-60f8-42be-a1d5-cb7712fcd614

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/159415/
Detection(s):
Win.Malware.Mucc-9863344-0
Create hunting rule

Win.Packed.Mucc-9863348-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows directory
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/785838
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9e313db794797641d0c55ff15c1f663e13893bb443bb84e0dd212f8a7aeca598/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2021-05-20 00:49:37 UTC
AV detection:
20 of 47 (42.55%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tyyt3n4upf3edugfl7yvyh3ghyjyso5uio5yjyg5eexyu6xmuwma._file
Verdict:
unknown
Similar samples:
12e42bff4fa377032623342ac1f23a5c87225a40ef8b900cbb06ae4bd203864d
GuLoader
22b13820a6139c7682d5e1108aefde2200dc593e14fe7fca28eb27d5e616bef7
GuLoader
34a666042ff3ad45f4e1e37776cc55d4f4fdd1bcd8233852839d55fc076410d1
GuLoader
39874f3eb3d660ef8af1c02af08ddfa4d3dc14aedf2c216e3e1f8639813bf2e1
GuLoader
414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65
GuLoader
5e74833e8f9a6e8a92cca35de25fb0d6b68c84d0bc22b9c939b51737acb83494
GuLoader
6147decc439b9d258f5b19f77dfa47ea441e681c49e0b699533eea18104f4092
GuLoader
c3ca97abe1f0584928691bf13d02b25a4e20288a2477e466d67000c0bbe04df3
GuLoader
c943a100bc29344a690516900fd3fc830c0af1646499ade9e082e76cdf45901f
GuLoader
f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b
GuLoader
+ 1'739 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210520-x65rbjjsce/
Behaviour
Suspicious use of SetWindowsHookEx
Drops file in Windows directory
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://drive.google.com/uc?export=download&id=1Hrl1bMiSWwgcE51Qxy_z3t5ztlkmQZIb
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
GuLoader
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9e313db794797641d0c55ff15c1f663e13893bb443bb84e0dd212f8a7aeca598

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 9e313db794797641d0c55ff15c1f663e13893bb443bb84e0dd212f8a7aeca598

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/159415/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-20 07:00:00 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0009.029] Anti-Behavioral Analysis::Instruction Testing