MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba0751d8b1ccba23fce33d31e5f8ecf75af336cac86b5ae1d2c4306d53cd148c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ba0751d8b1ccba23fce33d31e5f8ecf75af336cac86b5ae1d2c4306d53cd148c
SHA3-384 hash: 1d11cf7e7d4195cbb524e084a0a73439ee9f10503b197f7e52860c8d193ea8124db44a4566fff52bc0ed22798a585da8
SHA1 hash: 2a5b9d10f3d688a05af277f880ffb557c1df3d48
MD5 hash: 31af6d34827c7255b7b69370a9dae461
humanhash: spaghetti-beryllium-fourteen-fourteen
File name:SOLICITUD DE OFERTA PEDIDO nº 1202135489.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:119'808 bytes
First seen:2021-08-10 09:45:38 UTC
Last seen:2021-08-10 10:41:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 55eea43da7f3c7829cddd95897d8aea4 (1 x GuLoader)
ssdeep 1536:Ir53Hu4ybtrnlwZTTqrT66r/+Jc/RjootGf/XxsgUK23u2KyIedrPRAo3HcJ:I2tblSsT66iCiJf/KgUK2efyI+1ARJ
Threatray 715 similar samples on MalwareBazaar
TLSH T1A3C38DD1FB908C67D66A15F214B31F55C8686EE0142A8F8391DA0E2C6FDBB03A7241DF
dhash icon dae4d4dad0d4e886 (1 x GuLoader)
Reporter lowmal3
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
217
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SOLICITUD DE OFERTA PEDIDO nº 1202135489.exe
Verdict:
No threats detected
Analysis date:
2021-08-10 09:48:06 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e36566f1-66d5-4e70-9fd4-95941fd04790

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.UDS.Worm.Win32.WBVB.32402.20958.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Creating a process from a recently created file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0b7af4b1-837b-46cc-a946-a35fa0ec63af
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/830048
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
GuLoader behavior detected
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/ba0751d8b1ccba23fce33d31e5f8ecf75af336cac86b5ae1d2c4306d53cd148c/
Threat name:
Win32.Worm.Wbvb
Create hunting rule
Status:
Malicious
First seen:
2021-08-10 09:43:52 UTC
AV detection:
5 of 45 (11.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xidvdwfrzs5ch7hdhuy6l6hm65npgnwkzbvvvyosyqyg2u6ncsga._file
Verdict:
unknown
Similar samples:
3fb2d2391c1b8d865c8dcd2c03b1f0923a397f3428a133aa082f0643e46483d8
GuLoader
4db943d3621a557370a3585cd61db3f9835c65f350a2284c9d5f3024adb0ff07
GuLoader
53180a35165cd2b407bee274b9872b94f849e73c7b42dbd9370eecf0f4cc00e8
GuLoader
6785bb7e30144c967cf7c9c905f2bbae99951ac320d5d30d63e11a30242d3547
GuLoader
75f423b4e6ca17c94dda8104d745642ca61a0a54a38bf29e3ca55b9d0fec7d66
GuLoader
81be23ce8636c948e1ac5c966ee5c34f738f8dc20aa85acedbca48f92e1ff363
GuLoader
9c20d2a4e22acfdf30c9b3cc30e5d5988454ac2eabaedfd4cbbc3b9bb5abdf27
GuLoader
9fe616b7f813e2de5c4ebf53b624e0f1577014aae677f9f73dc99d8c1b19d140
GuLoader
+ 705 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210810-df8ryx4z1e/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
ba0751d8b1ccba23fce33d31e5f8ecf75af336cac86b5ae1d2c4306d53cd148c
MD5 hash:
31af6d34827c7255b7b69370a9dae461
SHA1 hash:
2a5b9d10f3d688a05af277f880ffb557c1df3d48
Link:
https://www.unpac.me/results/26d77114-3ffe-444d-80e5-274870d4f62c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ba0751d8b1ccba23fce33d31e5f8ecf75af336cac86b5ae1d2c4306d53cd148c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe ba0751d8b1ccba23fce33d31e5f8ecf75af336cac86b5ae1d2c4306d53cd148c

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments