MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a027ffd5e1a6a48fba1e12ac27b37f6d54ebe47a02a9111c3986e0747ea4e12b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	a027ffd5e1a6a48fba1e12ac27b37f6d54ebe47a02a9111c3986e0747ea4e12b
SHA3-384 hash:	7d19e611417da01ac46fd5314d4c900f862feecfd1869c72195d0f52cb8505c04261c6b3b89b4b9992139b4ac89336bb
SHA1 hash:	c85c94d8453078095ca3b323eb56d0f8b0fa4e0e
MD5 hash:	1551fb9eddac04031235a7cf8fb028cc
humanhash:	september-nineteen-may-eight
File name:	1551fb9eddac04031235a7cf8fb028cc.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	146'759 bytes
First seen:	2023-05-03 10:46:51 UTC
Last seen:	2023-05-03 11:41:26 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	93dfc16ed07ebeb5b405221f10d12c0e (30 x GuLoader, 4 x RemcosRAT, 1 x AgentTesla)
ssdeep	3072:Mmsi1pHq8okPTFt1ldSo5rX/3kKBf6Mb4QznteWxavdwXjDf:Xs+K8okht1l55r8KBR4QTUgkyvf
Threatray	30 similar samples on MalwareBazaar
TLSH	T1CAE30296FFC184F3FD9719700C377B875B72F52920245A0BE7AC6E4769A0B412E22391
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter	abuse_ch
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

284

Origin country :

NL

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

1551fb9eddac04031235a7cf8fb028cc.exe

Verdict:

Suspicious activity

Analysis date:

2023-05-03 10:50:50 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/1f17341a-c0c6-42b8-9d18-0d4b291306b6

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/386241/

Detection(s):

SecuriteInfo.com.Win32.InjectorX-gen.18584.258.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Creating a file in the %temp% subdirectories

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/64523bad463eacbc57dbb531/reports/dd90ed9e-03e7-4415-a727-dba67dcd24ba/overview

Verdict:

Malicious

Labled as:

Win/grayware_confidence_70%

Link:

https://www.hybrid-analysis.com/sample/a027ffd5e1a6a48fba1e12ac27b37f6d54ebe47a02a9111c3986e0747ea4e12b

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Sysinternals

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/c332880c-299a-42a6-a58f-b6e12c1c345a

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1225254

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a027ffd5e1a6a48fba1e12ac27b37f6d54ebe47a02a9111c3986e0747ea4e12b/

Threat name:

Win32.Trojan.InjectorX

Status:

Malicious

First seen:

2022-10-25 21:20:16 UTC

File Type:

PE (Exe)

Extracted files:

1

AV detection:

7 of 37 (18.92%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=uat77vpbu2si7oq6ckwcpm37nvkoxzd2akurchbzq3qhi7ve4evq._file

Verdict:

unknown

Similar samples:

1cd3cee13fd4653e084327ebf599147a9bcddf5213b332ae928f63f551d3b3f0

2a6ce3844cb0426fefb02d57bbb8eab576d0f089231c61aa1293cf0028d1db85

4156f1bd9f23e8d19b26225f373b4d76e0088fcadb14b59fbe791d11127795e7

6ec684964e715bd7b62ec19904871853f5be9bf40dcd835c230ced852f24cc34

79e1fc85396ae65e8431f8ceb92fefb5ec396381840d830c415ea2d81cb78a49

f65e518f76a18d65bdc59a8e942cb1ff660568440f3abe7b312be1de4b8330c8

f6abe7db0c36a39bf0c72dd5361c5d16b6e99496f9317e017c521a15a82e17d6

+ 20 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/230503-mvkyqsed37/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Enumerates physical storage devices

Loads dropped DLL

Unpacked files

SH256 hash:

764407252ac21515e867073735866b672f426788dc66700e71048764a3ba5287

MD5 hash:

01e4c725b917ba7cb7b9aed4aa3e079c

SHA1 hash:

6aa9b8593cd619318666ec68e2257f56357db72a

Link:

https://www.unpac.me/results/043ed017-a3bd-4fd0-8484-457976a1679c/

SH256 hash:

a027ffd5e1a6a48fba1e12ac27b37f6d54ebe47a02a9111c3986e0747ea4e12b

MD5 hash:

1551fb9eddac04031235a7cf8fb028cc

SHA1 hash:

c85c94d8453078095ca3b323eb56d0f8b0fa4e0e

Link:

https://www.unpac.me/results/043ed017-a3bd-4fd0-8484-457976a1679c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a027ffd5e1a6a48fba1e12ac27b37f6d54ebe47a02a9111c3986e0747ea4e12b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/386241/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample