MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b05b832ba690f4fee5cb0c810f9a329592ef5736a01f77d2190d7d7d24fe9a0c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	b05b832ba690f4fee5cb0c810f9a329592ef5736a01f77d2190d7d7d24fe9a0c
SHA3-384 hash:	75d4df97bef36c91c842670dfdde014a6a447570d23f4489b0f10ae3ef9c65d8e9018592b5c1c09b7b5df27df716a3a8
SHA1 hash:	94b3b830fa2cdbef62306d497e90a381625b795b
MD5 hash:	8056c1da01723959661caf103a001271
humanhash:	magazine-monkey-apart-hamper
File name:	SecuriteInfo.com.__vbaHresultCheckObj.32398.19981
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	230'520 bytes
First seen:	2021-08-11 09:51:41 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6b2c11cfb39c06809475cfa1f065a769 (2 x GuLoader)
ssdeep	1536:cvO0b3VUKXBzmF9cyUQNdxyTEG0DGpVOppH1sWTmFHyCWCZ:0O0VRXBzbyjxSEG4GpkH1pTUHbWCZ
Threatray	5'312 similar samples on MalwareBazaar
TLSH	T182345B527394E92EF9278B70DBB0C5B60CE93C3786C4465BFA08BE512B3169038646F7
dhash icon	b8f6677678c8811d (1 x GuLoader)
Reporter	SecuriteInfoCom
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

216

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

DB62198W.CNT.xlsx

Verdict:

Malicious activity

Analysis date:

2021-08-11 08:23:35 UTC

Tags:

encrypted exploit CVE-2017-11882 loader

Link:

https://app.any.run/tasks/921bc505-14ca-4feb-9185-03aa6778b3a9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/178172/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.32398.19981.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

DNS request

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/2a983249-70e9-47a1-9c8c-7835ca46c889

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad.spyw

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/830795

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

GuLoader behavior detected

Hides threads from debuggers

Multi AV Scanner detection for submitted file

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Yara detected Generic Dropper

Yara detected GuLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b05b832ba690f4fee5cb0c810f9a329592ef5736a01f77d2190d7d7d24fe9a0c/

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2021-08-11 07:56:33 UTC

AV detection:

6 of 46 (13.04%)

Threat level:

5/5

Verdict:

unknown

GuLoader

6836eb2e60ef429ec1f20100cb16b1dc65b64938a7e9cc8ea0a706a699620bfa

GuLoader

97fee7e2c533d7ad3854cd92d9d2dbcddeb3b08e3e0cb14214b431d3970cda45

GuLoader

a3feb5265e6d02710f04ff618e966e9da9ba8fc8dc5692d6f7633fe0a3037b66

GuLoader

aadd8812bdbbe483d3635c581c7671d3b73a69cad0ea6f90dbd5617bbb298f14

GuLoader

d54cafc1ca36d0ddd134f53d033ebbaaa490721d62d4168106a9b6c7cfa200ba

GuLoader

e1e293cbd9c3deeabfdea61324e45217067414499d34ab8c6add548bb8c926ec

GuLoader

f2b2f10c3c65d8f81641b20ebbf91ca7da5ba685282b24677a4c5561758f7226

GuLoader

+ 5'302 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210811-emfvm35kjj/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

b05b832ba690f4fee5cb0c810f9a329592ef5736a01f77d2190d7d7d24fe9a0c

MD5 hash:

8056c1da01723959661caf103a001271

SHA1 hash:

94b3b830fa2cdbef62306d497e90a381625b795b

Link:

https://www.unpac.me/results/5f07734a-d828-4f2e-a6a8-6b068d41654a/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/b05b832ba690f4fee5cb0c810f9a329592ef5736a01f77d2190d7d7d24fe9a0c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

exe b05b832ba690f4fee5cb0c810f9a329592ef5736a01f77d2190d7d7d24fe9a0c

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1524196/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/178172/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample