MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad5041c1b23fcd40d3eee9484b7b1de36f3a0f88154f17271808afe7160b4579. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ad5041c1b23fcd40d3eee9484b7b1de36f3a0f88154f17271808afe7160b4579
SHA3-384 hash: e0160bfb22435a94d3d24033e5ea86480e3fc5652c3263ba207e636c253e46115265f4568fd49071f8759ebabf199d2a
SHA1 hash: e9f6659f4df2b8c72fe961bbe94723f5c294c7e7
MD5 hash: 2c463f7c03f8264a1b9ad8e9bc8721a7
humanhash: louisiana-gee-red-lima
File name:2c463f7c03f8264a1b9ad8e9bc8721a7.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2021-02-01 09:48:57 UTC
Last seen:2021-02-01 11:38:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 179dd1771e0dec0f9bcd6a4ea0dd18a8 (1 x GuLoader)
ssdeep 768:wvBbIxLTbDNfRpRKM6kgVQrWeHBVjQx4ciEcfpFcMTiMgxiIjCt2Cdi:q2rrWeHBRVHLc+nzt2Co
Threatray 643 similar samples on MalwareBazaar
TLSH 73530861A3C0F137C657CAB17B1541784047BC3C5A19CB23B858EA2B1E369EAF567B0B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://ktb.sch.id/wp-includes/bin_LgzSQ19.bin
http://103.141.138.118/bin_LgzSQ19.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
185
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Vietcong Order February.xlsx
Verdict:
Malicious activity
Analysis date:
2021-02-01 07:44:40 UTC
Tags:
encrypted trojan opendir exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/46b3f61f-00c5-4d9b-a7bc-dd9e30fdd167

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Guloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/114455/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Sending a UDP request
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/595234
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ad5041c1b23fcd40d3eee9484b7b1de36f3a0f88154f17271808afe7160b4579/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vviedqnsh7gubu7o5feew6y54nxtud4icvhrojyybcx6ofqliv4q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0cb0059baf3983db9857ea71e6bff0a572c42b2badd00bffe78ff1fdf6a1c007
GuLoader
1a4407fd45881091495f927612c7be23ab6de71949e4192cdc58154986d2c827
GuLoader
1e5ae0cad52869f12ca373c2e29ab46758f723060291f611fd6e1512ac0480aa
GuLoader
42ecc2b3aad37d4d989281694245818a2e1ae209a2408dc36e359f09687de43b
GuLoader
7c328b51dbd9e7fb96ca2ed21358fd5112c809f9666f9287b55927302c7ac1ea
GuLoader
8780cfbde0db4996b68e320d9d2576f39a2d7f99a8ed60ba0c4e543f17801bd9
GuLoader
922b6743cac4c11fded552f01d08fcde42b75b9a59d1c9ec119c0c26efab772d
GuLoader
a34a05f4fba031be97dcc4bb04e0e45a75d1034cd2d32177b26a65de7a1306a0
GuLoader
e1c6e44bb03c1cdab3844b42f46634bd578f896373e9467ca2b8d092d047eb71
GuLoader
f573cf3eed6dc5635fd82f657a0912c151e2762188e71d161bf173bd40abaa3d
GuLoader
+ 633 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210201-wr6sf9v8m2/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
ad5041c1b23fcd40d3eee9484b7b1de36f3a0f88154f17271808afe7160b4579
MD5 hash:
2c463f7c03f8264a1b9ad8e9bc8721a7
SHA1 hash:
e9f6659f4df2b8c72fe961bbe94723f5c294c7e7
Link:
https://www.unpac.me/results/fa68bc1e-45aa-4d6c-a904-9e5ba59f0524/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ad5041c1b23fcd40d3eee9484b7b1de36f3a0f88154f17271808afe7160b4579

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe ad5041c1b23fcd40d3eee9484b7b1de36f3a0f88154f17271808afe7160b4579

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/986190/
  
URLhaus
https://urlhaus.abuse.ch/url/986134/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/114455/

Comments