MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa70c51a1df950f7b8406f4599a7e3bb89bc61fec570fc0e3a53826d42cbf13c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa70c51a1df950f7b8406f4599a7e3bb89bc61fec570fc0e3a53826d42cbf13c
SHA3-384 hash: 748de3d6b5f081687e84194cf95334f309f53fac7708360cc3984d940b73c8d27e1a9a803fef7e7535ebda7c61c917b6
SHA1 hash: 8e5c1a3ca8e4b5cd7c43cd7f0acbc40a09cefbef
MD5 hash: db7cc0b29cf38b5ed2a176c0043b2a58
humanhash: fish-purple-victor-seven
File name:Order-078CNLTD.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:294'912 bytes
First seen:2021-06-14 06:48:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fd5523c2b03dc52202311eff5bcab494 (2 x GuLoader)
ssdeep 3072:VO64I415+Uznrw1JmTgxViFJqryHbQbZ:Q64I4HHz0oym7
TLSH 6A547272F356FF29E45680B0E516C4B5903FB4727709642B93833A65F0BCF50AA36B1A
Reporter lowmal3
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
202
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Order-078CNLTD.exe
Verdict:
No threats detected
Analysis date:
2021-06-14 06:50:07 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2621e675-6329-4af3-b206-e0707d524ca8

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Porcupine.Win32.Injector.EPLO.100605.UNOFFICIAL
Create hunting rule

Win.Malware.Filerepmalware-9868101-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/25ee7574-dc81-43cd-8424-b2b18b61a03b
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/801574
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aa70c51a1df950f7b8406f4599a7e3bb89bc61fec570fc0e3a53826d42cbf13c/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-06-02 09:32:11 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vjymkgq57fippocan5cztj7dxoe3yyp6yvypydr2kobg2qwl6e6a._file
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210614-k7ax5lldvs/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://andreameixueiro.com/TODAY_tRiyv97.bin
Unpacked files
SH256 hash:
aa70c51a1df950f7b8406f4599a7e3bb89bc61fec570fc0e3a53826d42cbf13c
MD5 hash:
db7cc0b29cf38b5ed2a176c0043b2a58
SHA1 hash:
8e5c1a3ca8e4b5cd7c43cd7f0acbc40a09cefbef
Link:
https://www.unpac.me/results/d7e334f2-0c17-45d9-bb64-90577bae7449/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
GuLoader
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/aa70c51a1df950f7b8406f4599a7e3bb89bc61fec570fc0e3a53826d42cbf13c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe aa70c51a1df950f7b8406f4599a7e3bb89bc61fec570fc0e3a53826d42cbf13c

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments