MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9a9ec05af5b7ca80af675e1c9a6d1582775d1949d35b475111a8a8b32ac4a2a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b9a9ec05af5b7ca80af675e1c9a6d1582775d1949d35b475111a8a8b32ac4a2a
SHA3-384 hash: 2688062405e25975c09d2373797f55be26d766d1e7d91473c40407ae38eea996d64af52c48db9a11633a900d42e686ef
SHA1 hash: 85f38e440c6acbc2c5e02235418657b1f17698e0
MD5 hash: a9e166e6b47e7a0e7fbc0c365e3b811d
humanhash: tango-missouri-low-white
File name:Bacterin9.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:57'344 bytes
First seen:2020-11-04 14:19:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7890f146edeaeb8ae782387358143c21 (4 x GuLoader)
ssdeep 768:6yJgt3KZdJTMgKCWLQ0nWEnE0lDRE2IX:net3KhTFKCWUrwliP
Threatray 573 similar samples on MalwareBazaar
TLSH E5436C42E0D969B0EF9346B10A6CC7BCC9C76C2025917A03FA4CFF6D7C725A28D91B59
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
191
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/82919/
Detection(s):
Sanesecurity.Rogue.0hr.20201104-0605.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/520230
Signature
Antivirus detection for URL or domain
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Contains functionality to hide a thread from the debugger
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential malicious icon found
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b9a9ec05af5b7ca80af675e1c9a6d1582775d1949d35b475111a8a8b32ac4a2a/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-11-04 01:48:17 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xgu6ybnpln6kqcxwoxq4tjwrlatxlumutu23i5irdkfiwmvmjiva._file
Verdict:
suspicious
Similar samples:
448379f1a0a59fa0a84180351e48559c9ed7ea6875cdd525782b714a77a2fff9
GuLoader
570f0f28a41c3df98edb9c5301bbf8ed8924640848f3fd0a7462fed0224af93c
GuLoader
5b8bcca6874eb87a0653adc3137d69a11c33c64a0087ad63646f39111ac2e62c
GuLoader
6f3800e20217ce801b5c4106be5fb1160e4accfd565e371b670c52605f2600b8
GuLoader
804257e2a2990868ba42413a9e115971317e5a3d80b13ae9526dabd277a49040
GuLoader
99b13841abbf0c2bf736ab08e0e7f48cd28cab2e69eff60399de65e0eced2e68
GuLoader
b2d7fa1333a5961bda5ebab33039aee56eb4b38ecf03b3d9e72564426c321568
GuLoader
b4faad2ab96b7348202784c23e871c07a7e5cc2ff7f0d83037cb26954f1bb8e3
GuLoader
c38dbdd341beb6f537971c9b0d98083ac08b59517052052b85d9368f85f63936
GuLoader
da84453f047b0c5e2a88e6ba46a11f390b4944f7c7f45563e19aef895c196e8e
GuLoader
+ 563 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201104-xjxyy51lza/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
b9a9ec05af5b7ca80af675e1c9a6d1582775d1949d35b475111a8a8b32ac4a2a
MD5 hash:
a9e166e6b47e7a0e7fbc0c365e3b811d
SHA1 hash:
85f38e440c6acbc2c5e02235418657b1f17698e0
Link:
https://www.unpac.me/results/523c1529-dd57-4807-bda9-2bf111ade1bd/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/82919/

Comments