MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b54efef8396314c1f95d540ce7d0ca79f9c8c98e431c6dd177ecf037167957de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 7

SHA256 hash: b54efef8396314c1f95d540ce7d0ca79f9c8c98e431c6dd177ecf037167957de
SHA3-384 hash: 4d52f0ce39b1e4bb76f7691704ad3a9db0260292d6bfeefa4f80a606f7a98096d5151d45f970ab7896172633441f3183
SHA1 hash: 5363b8b0e9bd91b5380f1d1f42f39f551d99aa2a
MD5 hash: 608d5496256acbf5cfc93f4958333160
humanhash: king-leopard-muppet-robert
File name: pago de factura pendiente.exe
Signature: GuLoader
File size: 143'360 bytes
First seen: 2021-10-07 11:58:26 UTC
Last seen: 2021-10-07 13:13:05 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: d0ac0bdf3a5152bcac064d77eed21690 (9 x GuLoader, 1 x Gozi)
ssdeep: 3072:tgs7G8QovC7K6oLGP18y1ug9DNBYenlTERzh/jrVB:th7jQovC7KbS98yJkLrVB
Threatray: 958 similar samples on MalwareBazaar
TLSH: T13EE305D1B5CD8536C402E0BF2B7F9467AB1C7C3304406A93B28E2B85D7B12EA69F5356
dhash icon: 00e0d282d2d200c2 (9 x GuLoader, 1 x Gozi)
Reporter: abuse_ch
Tags: ESP exe geo GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 199
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: pago de factura pendiente.exe
Verdict: No threats detected
Analysis date: 2021-10-07 12:45:04 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Behaviour: Creating a window

Malware family: Malicious Packer
Verdict: Malicious

Result
Threat name: GuLoader
Detection: malicious
Classification: troj.evad
Score: 76 / 100
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
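The sandbox signature "Tries to detect virtualization through RDTSC time measurements" listed above refers to a well-known anti-analysis check: read the CPU time-stamp counter, execute an instruction a hypervisor must intercept (CPUID), read the counter again and compare the difference against a threshold. Under a VM or sandbox the intercepted instruction costs far more cycles than on bare metal, and a loader that sees a large delta simply never unpacks its payload. The program below is an added illustration of that check written for this page; it is not GuLoader's code, not MalwareBazaar's, and not from any of the sandboxes quoted here. The 1000-cycle threshold, the 101-sample count and the use of the median are assumptions chosen for illustration, not values taken from the sample.

```c
/* Added example: RDTSC/CPUID timing check of the kind the sandbox signature
 * "Tries to detect virtualization through RDTSC time measurements" fires on.
 * Not GuLoader's code; a minimal, self-contained illustration of the technique.
 * Assumptions: x86/x86-64 with GCC or Clang intrinsics. On other targets the
 * measurement falls back to clock_gettime so the file still compiles, but the
 * numbers are then nanoseconds, not TSC ticks. */
#if !defined(_POSIX_C_SOURCE)
#define _POSIX_C_SOURCE 199309L
#endif
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>   /* __rdtsc */
#include <cpuid.h>       /* __cpuid macro */

static uint64_t ticks(void) { return __rdtsc(); }

/* CPUID unconditionally causes a VM exit, so the time spent around it is
 * inflated by the hypervisor's round trip. That inflation is the signal. */
static void probe(void) {
    unsigned a, b, c, d;
    __cpuid(0, a, b, c, d);
    (void)a; (void)b; (void)c; (void)d;
}
#else
static uint64_t ticks(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}
static void probe(void) { volatile unsigned x = 0; x++; }
#endif

/* One measurement: counter delta around a single probe. */
uint64_t measure_once(void) {
    uint64_t t0 = ticks();
    probe();
    uint64_t t1 = ticks();
    return t1 - t0;
}

/* Fill out[] with n measurements. */
void sample_timings(uint64_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = measure_once();
}

static int cmp_u64(const void *x, const void *y) {
    uint64_t a = *(const uint64_t *)x, b = *(const uint64_t *)y;
    return (a > b) - (a < b);
}

/* Median of n samples (sorts v in place). The median is used instead of a
 * single read so that one interrupt or context switch cannot produce a
 * false "virtualized" verdict on bare metal. */
uint64_t median_u64(uint64_t *v, size_t n) {
    if (n == 0) return 0;
    qsort(v, n, sizeof *v, cmp_u64);
    return (n % 2) ? v[n / 2] : (v[n / 2 - 1] + v[n / 2]) / 2;
}

/* The decision a loader makes: median above threshold => analysis environment.
 * Returns 1 if judged virtualized, 0 otherwise. Threshold is an assumption. */
int looks_virtualized(uint64_t *samples, size_t n, uint64_t threshold) {
    return median_u64(samples, n) > threshold;
}

int main(void) {
    enum { N = 101 };                 /* assumed sample count */
    const uint64_t threshold = 1000;  /* assumed cycle threshold, tune per CPU */
    uint64_t s[N];
    sample_timings(s, N);
    uint64_t med = median_u64(s, N);
    printf("median delta around CPUID: %llu -> %s\n",
           (unsigned long long)med,
           looks_virtualized(s, N, threshold) ? "likely virtualized" : "likely bare metal");
    return 0;
}
```

Build with gcc -O0 on an x86 host and run it once on bare metal and once inside a VM: the median delta differs by roughly an order of magnitude, and that gap is what the sandbox signature keys on. The matching "dummy code loops" signature on the same entry is the complementary trick, burning wall-clock time so that a sandbox with a fixed analysis budget times out before the real behaviour starts.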
Threat name: Win32.Trojan.InjectorAGen
Status: Malicious
First seen: 2021-10-07 11:59:03 UTC
AV detection: 15 of 28 (53.57%)
Threat level: 5/5

Result
Malware family: guloader
Score: 10/10
Tags: family:guloader downloader
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SHA256 hash: b54efef8396314c1f95d540ce7d0ca79f9c8c98e431c6dd177ecf037167957de
MD5 hash: 608d5496256acbf5cfc93f4958333160
SHA1 hash: 5363b8b0e9bd91b5380f1d1f42f39f551d99aa2a

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
