MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abd1efbc5426f71f61487986b017c56c6e4d88a7c059cb77284b30607965722f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	abd1efbc5426f71f61487986b017c56c6e4d88a7c059cb77284b30607965722f
SHA3-384 hash:	b1ad864604e617c64bfa3420a0dd2c507919dcc01764305986714c3fc590b091608e888dcc6e96136700cf9f1a49e472
SHA1 hash:	229064b298fffb750532b273d6ef35932f2bcfd0
MD5 hash:	408e7f789621f8037694355b106df151
humanhash:	princess-table-cold-king
File name:	AQT.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	106'496 bytes
First seen:	2021-02-17 10:19:42 UTC
Last seen:	2021-02-17 11:57:37 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	28cfb83efbb0b6bd426b66f31651da5c (16 x GuLoader, 1 x RemcosRAT)
ssdeep	1536:eUEkJhROLVrptHTzwdW6P6qjqMiBIiY5E0T:9qL2iqjn
Threatray	4'674 similar samples on MalwareBazaar
TLSH	F4A3D772B170D9F6D14480714126F7AC091BBF324444AE1FB9CD7A5E5E7BAE2A4C4E0B
Reporter	stoerchl
Tags:	GuLoader RemcosRAT

Intelligence

File Origin

# of uploads :

2

# of downloads :

131

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Guloader

Link:

https://www.capesandbox.com/analysis/117568/

Detection(s):

SecuriteInfo.com.Variant.Razy.843298.14576.20840.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/610103

Signature

Found potential dummy code loops (likely to delay analysis)

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Yara detected VB6 Downloader Generic

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/abd1efbc5426f71f61487986b017c56c6e4d88a7c059cb77284b30607965722f/

Threat name:

Win32.Trojan.Razy

Status:

Malicious

First seen:

2021-02-17 10:20:07 UTC

AV detection:

16 of 29 (55.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=vpi67pcue33r6ykipgdlaf6fnrxe3cfhybm4w5zijmyga6lfoixq._file

Verdict:

malicious

Label(s):

guloader

Similar samples:

0f73e9d58b85ae9061722f0720ab2f76f9884042b9ac260e5c102564d4572004

1030855f4fc2a6abc876f5528638a6bc86b4380f879ba6545b99460387e2d8d9

233e70b105e8fe2f1e9a41b68f380359c8666cea3d9d587ec2ec823cdda2a330

2871ff5b986f5c582a3468cf2a6210dad8216a164b0affd7c6b11e8ef69761ec

3cbf0aeafec688023948cad7bf7475270ba9cb1acb0078cf1a9d6288f2751a20

5c8356172fa558970b2136a5284da800910c0fef74a75a7eb160874ed3edeec2

6912ec55af4079f5ed9b08502d37c0164e833a05c5ed275c6328e745016ec3e8

91db926d13bb0137347991e30a1ccd093e535ff375e102bfd44d9aae15650d21

bbab8de2b5423859a65ec7bd98d6200c7e82798851c6fbb48bac1119da8bb5ed

deb7f6e76d0d27a58d7eb53380b8f399d81caa842fe188830327b9aad82afdb0

+ 4'664 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210217-fxpx3wlebs/

Behaviour

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

abd1efbc5426f71f61487986b017c56c6e4d88a7c059cb77284b30607965722f

MD5 hash:

408e7f789621f8037694355b106df151

SHA1 hash:

229064b298fffb750532b273d6ef35932f2bcfd0

Link:

https://www.unpac.me/results/5c688553-a43f-4ee1-9081-6d06a5d4a4b8/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.16

Link:

https://yomi.yoroi.company/submissions/abd1efbc5426f71f61487986b017c56c6e4d88a7c059cb77284b30607965722f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe abd1efbc5426f71f61487986b017c56c6e4d88a7c059cb77284b30607965722f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1015551/

Cape

Cape

https://www.capesandbox.com/analysis/117568/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample