MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9fe616b7f813e2de5c4ebf53b624e0f1577014aae677f9f73dc99d8c1b19d140. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9fe616b7f813e2de5c4ebf53b624e0f1577014aae677f9f73dc99d8c1b19d140
SHA3-384 hash: 2a804a26ffcafc8fe6931e188162423ca7d472cbd10b249a3b375b57c80554266b9433e330c20776bdcd51cf5c881636
SHA1 hash: c7433e4007bd14fa670225ce445d4a8c4240978d
MD5 hash: 0ca960983b44eae0099c20afa1f22a32
humanhash: avocado-louisiana-apart-lamp
File name:SecuriteInfo.com.Trojan.Win32.Save.a.29564.2998
Download: download sample
Signature GuLoader
Create hunting rule
File size:188'416 bytes
First seen:2021-07-12 11:54:55 UTC
Last seen:2021-07-12 12:42:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8ff36c360a089a7073436eb053f9f56c (2 x GuLoader)
ssdeep 3072:V/NYQY22ROevVqSO1w/jS7jWGK/fpxQ6VV/dG22qYQJ:VsHVe7KfFVl
Threatray 996 similar samples on MalwareBazaar
TLSH T156044A0C7FB1D8C5E4A9A7332462C67457223F60A9E5C65F223CB97F2B313C264A5326
Reporter SecuriteInfoCom
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
181
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.Win32.Save.a.29564.2998
Verdict:
No threats detected
Analysis date:
2021-07-12 11:58:11 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bf5dfd21-a2b0-40a7-bc9f-77f8d6a4efb0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/171063/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Save.a.29564.2998.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a33b7eb1-4609-4bf4-b629-694aa1b3606f
Result
Threat name:
GuLoader Lokibot
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/814805
Signature
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
GuLoader behavior detected
Hides threads from debuggers
Tries to detect Any.run
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Lokibot
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/9fe616b7f813e2de5c4ebf53b624e0f1577014aae677f9f73dc99d8c1b19d140/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-07-12 11:55:05 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=t7tbnn7ycprn4xcox5j3mjha6flxaffk4z37t5z5zgoyygyz2faa._file
Verdict:
suspicious
Similar samples:
0a682307d22d40a846815f740a4d827f3ffb63f93868de95da5d17a628c00f39
GuLoader
414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
4bbbdca53bbe4ce27fc929968933f482e17a3161abaf8d7bc06cc06b5a5d1b7b
GuLoader
6785bb7e30144c967cf7c9c905f2bbae99951ac320d5d30d63e11a30242d3547
GuLoader
81be23ce8636c948e1ac5c966ee5c34f738f8dc20aa85acedbca48f92e1ff363
GuLoader
8fa25253be84f6b1e560ff5a2e59e25dbb1664d771229073e66fad3335d74fd0
GuLoader
9bc42c118c6cc7a45c18fc844e0e132c28cfe4f90380f8a6e1305a798b3d15fb
GuLoader
f5e259dd4c72111e39df8ac18a4e3307e95e701a552d1c96faa648bc094ae468
GuLoader
f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b
GuLoader
+ 986 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210712-v1tssc17da/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
9fe616b7f813e2de5c4ebf53b624e0f1577014aae677f9f73dc99d8c1b19d140
MD5 hash:
0ca960983b44eae0099c20afa1f22a32
SHA1 hash:
c7433e4007bd14fa670225ce445d4a8c4240978d
Link:
https://www.unpac.me/results/b328062b-da55-489b-8b73-f3ca92e4ba20/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9fe616b7f813e2de5c4ebf53b624e0f1577014aae677f9f73dc99d8c1b19d140

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/171063/

Comments