MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 afc7d530c112b47cd33295262f533df60f12568ede477091434381b0d6a2cc8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: afc7d530c112b47cd33295262f533df60f12568ede477091434381b0d6a2cc8c
SHA3-384 hash: 69be52240bb2d622856e46e86cfb82f7d7e6b76eeff6e12d5d0edbf922f5b996b7ea7eb41f21a6e70132df2acda07129
SHA1 hash: f339c0a5ab3a3a40cf5d9ae5753c2e5a3ab80f5d
MD5 hash: 10cd865c5ece278cad7c4bc881944d6e
humanhash: music-uncle-rugby-angel
File name:10cd865c5ece278cad7c4bc881944d6e
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2021-08-13 13:11:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b947ef57db12504396f2fb768b954d80 (5 x GuLoader)
ssdeep 1536:Pz+JBa3z5+1v1rIzB7wT0OrPvEwYS89y94J0GGrweHkKN:yJ43z5Cv1rS7w9rPC4HB
Threatray 3'809 similar samples on MalwareBazaar
TLSH T199B329F4B6F29449F1B9873D1737E26BC5937863680DAA0F3428A7185132B8D5760F2B
dhash icon 8000f2e8ccd4e8ba (5 x GuLoader)
Reporter zbetcheckin
Tags:32 exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
222
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
10cd865c5ece278cad7c4bc881944d6e
Verdict:
No threats detected
Analysis date:
2021-08-13 13:15:08 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2d6fab3b-589e-44dd-a4d1-41e1e3ce40ac

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/178984/
Detection(s):
Win.Packed.Fragtor-9884196-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Sending a UDP request
Launching a process
Creating a process with a hidden window
DNS request
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/307ddf7f-0c16-444d-9ebd-492e89f1889e
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/832424
Signature
Found malware configuration
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/afc7d530c112b47cd33295262f533df60f12568ede477091434381b0d6a2cc8c/
Threat name:
Win32.Trojan.VBObfuse
Create hunting rule
Status:
Malicious
First seen:
2021-08-06 17:06:34 UTC
AV detection:
32 of 47 (68.09%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0523c9c53027d822021a5b2bad5d216461c060396944da4bf8cd6cc1963deebb
GuLoader
0e312eccc907155b510e531e9519ede3e44ee79a67cb5dba0f3a0c39e9a3d083
GuLoader
2bf17b827e1be1f3a8b305a4e215347d08d32ccac5eb4028d49391b30c6ac4a7
GuLoader
414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65
GuLoader
6785bb7e30144c967cf7c9c905f2bbae99951ac320d5d30d63e11a30242d3547
GuLoader
815b5f62adb35607df07859bfd1b75763bf525643e7f21d5a0f8803dd0e86be4
GuLoader
8653a11ee811265418a3b6f12945c585b77aea72f02b2d80f481c1100d895299
GuLoader
a76f692240be874358bd241860d2f492eca687f44e0bffade3b631ccf142117d
GuLoader
f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b
GuLoader
fdbd4ab43b66094471908c19e02c0e981c6c870ee546c53d31165936b5791596
GuLoader
+ 3'799 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla family:guloader downloader keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210813-zw4za1rtpa/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent file
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Guloader,Cloudeye
Unpacked files
SH256 hash:
afc7d530c112b47cd33295262f533df60f12568ede477091434381b0d6a2cc8c
MD5 hash:
10cd865c5ece278cad7c4bc881944d6e
SHA1 hash:
f339c0a5ab3a3a40cf5d9ae5753c2e5a3ab80f5d
Link:
https://www.unpac.me/results/51390fd0-41fa-42aa-aee4-1e2aaffbbbe0/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/afc7d530c112/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/afc7d530c112b47cd33295262f533df60f12568ede477091434381b0d6a2cc8c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe afc7d530c112b47cd33295262f533df60f12568ede477091434381b0d6a2cc8c

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1530755/
Cape
Cape
https://www.capesandbox.com/analysis/178984/

Comments


Avatar
zbet commented on 2021-08-13 13:11:42 UTC

url : hxxp://ladygagaagogo.com/g5/RFQ.exe