MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abc97d710760f9449d691364d7ab0a7c3185f868625b8f05a8ab8facdebe54f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: abc97d710760f9449d691364d7ab0a7c3185f868625b8f05a8ab8facdebe54f1
SHA3-384 hash: 4976c5d80e5fa019e3ed1617ad9ace19604afe96997f6bf7593e679a5b0887ab6e2f70c7da394ea0397fc55f8aa73b90
SHA1 hash: 3291179194f1af9937f9e06ff72586c604c6bc2b
MD5 hash: ccb092ded62c0a7ce793daa1873db0cb
humanhash: purple-michigan-nebraska-uncle
File name:ccb092ded62c0a7ce793daa1873db0cb.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:118'784 bytes
First seen:2021-09-23 11:03:25 UTC
Last seen:2021-09-23 11:12:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 59f9582f251e861f2c149d17f4ba80d5 (4 x GuLoader)
ssdeep 1536:Zm+Fp/INAWumDNEoQ3AOoJtski0suyF/hz8Gi+u3IBZ:ZhvWf+R3ATB8W+u3OZ
Threatray 5'496 similar samples on MalwareBazaar
TLSH T10FC34A95B18CCFA0DD1156BE886AA6F70017BD34E8D08A07F2E87E5E7BBA1C15421F53
File icon (PE):PE icon
dhash icon 1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter abuse_ch
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
131
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ccb092ded62c0a7ce793daa1873db0cb.exe
Verdict:
No threats detected
Analysis date:
2021-09-23 11:05:19 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/313f88fc-36de-4818-b2f0-155ada3e5172

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/190725/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.28071.2275.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ad529ce4-8dbf-4e5b-be19-470d5fa6f513
Result
Threat name:
GuLoader Remcos
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/856804
Signature
C2 URLs / IPs found in malware configuration
Creates autostart registry keys with suspicious values (likely registry only malware)
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Potential malicious icon found
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected GuLoader
Yara detected Remcos RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/abc97d710760f9449d691364d7ab0a7c3185f868625b8f05a8ab8facdebe54f1/
Threat name:
Win32.Trojan.VBObfuse
Create hunting rule
Status:
Malicious
First seen:
2021-09-23 08:48:21 UTC
AV detection:
15 of 27 (55.56%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
14eb827b600c3f7ccf2af766d0fec868e6b0467eba9264f19b75427f95ef7cfa
GuLoader
2bd846bdda945dc48a21c9bda1497feb9e67df8cfb024cc8669041490c7c9a90
GuLoader
2e87815522531721634be2ef071b1292612fc7a8a07e785645c37eaf56e0a6e9
GuLoader
63349f5e1cb7e662593709d14ed76838362d5b81fd3efedf1b7b307f343fe377
GuLoader
7c38d073b77ff7afc8f65aac812316d0fa9356115f1f3e78aca9fd496d177cad
GuLoader
8affd0d74b7fea47b03869e3fb44a1f76144b751503eac0d8c61c203f6a081f9
GuLoader
8fc65090e8226ef2777a06fa0c6a788c6b50dae704e5e2b7af4280a2cef730f8
GuLoader
93caf6c3cc38aa303bb304b80fb17e202c9420fc05b3a6d2de7da261791fa8f8
GuLoader
963043215c54f2a5b1ae6a53787ed78c838beb576e2744e304665f611c7fcb60
GuLoader
9ad452c41af7ed761449a51cca42b89827921f70f564331a4eed7a191c37c325
GuLoader
+ 5'486 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210923-m6axxaabb5/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
abc97d710760f9449d691364d7ab0a7c3185f868625b8f05a8ab8facdebe54f1
MD5 hash:
ccb092ded62c0a7ce793daa1873db0cb
SHA1 hash:
3291179194f1af9937f9e06ff72586c604c6bc2b
Link:
https://www.unpac.me/results/570615b0-64f8-4536-b306-3797db43bc22/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/abc97d710760f9449d691364d7ab0a7c3185f868625b8f05a8ab8facdebe54f1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe abc97d710760f9449d691364d7ab0a7c3185f868625b8f05a8ab8facdebe54f1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1640582/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/190725/

Comments