MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a76f692240be874358bd241860d2f492eca687f44e0bffade3b631ccf142117d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	a76f692240be874358bd241860d2f492eca687f44e0bffade3b631ccf142117d
SHA3-384 hash:	e81a6ca75221fcb1adb836072ba9fbb7b26eb5a0778abc38550c757f81ae74bd861e4585bc8c8f074bc29aaa1c559e84
SHA1 hash:	7c2ab7ece17e59b3fc47d9a14e78a9245ca6b5c3
MD5 hash:	41d7562af1208ea4743ce1ed5cd04029
humanhash:	river-august-cup-lemon
File name:	LISTA DE ORDEN_PDF.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	151'552 bytes
First seen:	2021-05-20 06:41:49 UTC
Last seen:	2021-05-20 07:06:08 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	d00a665e648973e6c95b0b17a393439c (2 x GuLoader)
ssdeep	1536:TTEvVbJks3OdPZq+sVSF/SxvhpixqodCoQSbUN+30JkXeTEv:e+IK8YkvUxqJoQSbUNCNX
Threatray	1'409 similar samples on MalwareBazaar
TLSH	1EE36C4A78285023E150C233E5A199FE9D96BD65188BCF13FF003BEBF6717D3299512A
Reporter	GovCERT_CH
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

168

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

LISTA DE ORDEN_PDF.exe

Verdict:

No threats detected

Analysis date:

2021-05-20 06:44:36 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/1d337750-f1ca-439e-8398-b6dd8571e130

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/159417/

Detection(s):

Win.Malware.Mucc-9863344-0

Win.Packed.Mucc-9863346-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Creating a file in the Windows directory

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/785849

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found malware configuration

Initial sample is a PE file and has a suspicious name

Multi AV Scanner detection for submitted file

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a76f692240be874358bd241860d2f492eca687f44e0bffade3b631ccf142117d/

Threat name:

Win32.Trojan.Graftor

Status:

Malicious

First seen:

2021-05-20 00:33:45 UTC

AV detection:

24 of 46 (52.17%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=u5xwsisax2dugwf5eqmgbuxuslwknb7ujyf77lpdwyy4z4kccf6q._file

Verdict:

suspicious

Similar samples:

0e312eccc907155b510e531e9519ede3e44ee79a67cb5dba0f3a0c39e9a3d083

3cbf0aeafec688023948cad7bf7475270ba9cb1acb0078cf1a9d6288f2751a20

414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65

815b5f62adb35607df07859bfd1b75763bf525643e7f21d5a0f8803dd0e86be4

8653a11ee811265418a3b6f12945c585b77aea72f02b2d80f481c1100d895299

8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047

9e313db794797641d0c55ff15c1f663e13893bb443bb84e0dd212f8a7aeca598

c3ca97abe1f0584928691bf13d02b25a4e20288a2477e466d67000c0bbe04df3

deb7f6e76d0d27a58d7eb53380b8f399d81caa842fe188830327b9aad82afdb0

f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b

+ 1'399 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210520-wsr291j1cj/

Behaviour

Suspicious use of SetWindowsHookEx

Drops file in Windows directory

Guloader,Cloudeye

Malware Config

C2 Extraction:

https://drive.google.com/uc?export=download&id=1r-J6wxner-rk7Gt2xRxecJf1m9KqvSyd

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

GuLoader

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a76f692240be874358bd241860d2f492eca687f44e0bffade3b631ccf142117d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe a76f692240be874358bd241860d2f492eca687f44e0bffade3b631ccf142117d

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/159417/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample