MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9677a659f448378a905926188cf5bb05937016d65ad16cf1210817e909324f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b9677a659f448378a905926188cf5bb05937016d65ad16cf1210817e909324f0
SHA3-384 hash: 6f373de5c698945c64b72ae4032ec39b6c2f92f8073e784c0a82487dd5124163db18ac736ec2e41a3d9dd7f2c745d576
SHA1 hash: e12c9a97047bae19470107c698a783e5d08d8868
MD5 hash: c85ee9fe0a4d346432307651cb4357a1
humanhash: triple-whiskey-beer-colorado
File name:c85ee9fe0a4d346432307651cb4357a1
Download: download sample
Signature GuLoader
Create hunting rule
File size:135'168 bytes
First seen:2021-07-29 07:21:17 UTC
Last seen:2021-07-29 07:50:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 73b8cec9d966d2100b9daa6840b6cd9b (1 x GuLoader)
ssdeep 1536:pfm9nt/fJxs+BBBBBBBBBBBNQ6pAqnxoJpqQXRm8WSPHPKh22JCFEHmqpxGoEoQO:Knt/RxpYqnxcpqH8n5qaC/xtTys/Dn
Threatray 15 similar samples on MalwareBazaar
TLSH T136D3AE59F2BA284EDB338270171C94DE5ADA6C2730994374DB4FF9E6D45BCE90C822B1
dhash icon 2146e4c860985a2d (1 x GuLoader)
Reporter zbetcheckin
Tags:32 exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
239
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Invoice & BL copy.xlsx
Verdict:
Malicious activity
Analysis date:
2021-07-27 14:46:07 UTC
Tags:
encrypted exploit CVE-2017-11882
Link:
https://app.any.run/tasks/5f8ec3d3-f93a-4daf-9a8b-00189b2d4957

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/174883/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.46700623.12910.4274.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8a8564d5-7371-4c89-a75a-6869719132e4
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/823605
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2021-07-28 15:09:21 UTC
AV detection:
13 of 27 (48.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xftxuzm7isbxrkifsjqyrt23wbmtoalnmwwrntysccax5eetetya._file
Verdict:
suspicious
Similar samples:
2329a8fab1e06893e9a9abd51129dfe704bd63347688af81857cae9678c46743
GuLoader
45b6514aad30eb4fafa445c6ce8f1fa69e6b4f568f5e05a74e999c295487b850
GuLoader
7eaa2c0c3cd26e9495e9de67413f860820a713141429e921861d239d80475df3
GuLoader
8939f7bfa3b5c5afeeab65dc9958edda8dd67f0c1e54f75e9205f0eaf3f8adcd
GuLoader
926509aff0ec48ac354fe49b372f8e2b8d05fe97ba5a1828b422ca75b95cb0ea
GuLoader
b38e4017409179a0ce847e5951e61479128caaaa7a721bf1acbece8dfc7ccc54
GuLoader
b8d430b1bdab27f5308b0f3817a50718dc72c01f0a126c44c15e0959efd3f588
GuLoader
bc630e07cf99324ac65fb506e9d54bbd6d405887070604e00d98c52ba60d64c1
GuLoader
c2c1253d4a7c1f69561044a12333f93b9a5219b9ee4555491085d978814ae0de
GuLoader
d6126052ac0b62aadfefafcad46980f864cd94c47c6096cc32f17d99f04a5fbf
GuLoader
+ 5 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210729-1a48v3dh2s/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
b9677a659f448378a905926188cf5bb05937016d65ad16cf1210817e909324f0
MD5 hash:
c85ee9fe0a4d346432307651cb4357a1
SHA1 hash:
e12c9a97047bae19470107c698a783e5d08d8868
Link:
https://www.unpac.me/results/bdada213-8745-4e8b-be6d-ec9b8539e582/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b9677a659f448378a905926188cf5bb05937016d65ad16cf1210817e909324f0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe b9677a659f448378a905926188cf5bb05937016d65ad16cf1210817e909324f0

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1489338/
Cape
Cape
https://www.capesandbox.com/analysis/174883/
  
URLhaus
https://urlhaus.abuse.ch/url/1489352/

Comments


Avatar
zbet commented on 2021-07-29 07:21:19 UTC

url : hxxp://198.12.91.134/regasm/vbc.exe