MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd068442713d668c544ed7c9b439e27121b33ac1573b12c95c7ff7ca8003d283. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	bd068442713d668c544ed7c9b439e27121b33ac1573b12c95c7ff7ca8003d283
SHA3-384 hash:	96b1ac4e7e00bcf7cd8090f7e910afd9742b6d8dec23fa5ed850cf91e207260087cfecdd651d2be8b0dbd036d1243da4
SHA1 hash:	472ee254ad0196a8a80517d19d2d2f3f0df1fdd7
MD5 hash:	4cb9e2f765041f74d74e4635144ce621
humanhash:	tennessee-bravo-thirteen-social
File name:	http___2.56.59.76_alig.jpg
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	143'360 bytes
First seen:	2021-08-02 14:27:36 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	fef384fc3a66a559dff455f07d497ca0 (5 x GuLoader)
ssdeep	3072:71C0Uu0lfu5AIRSJCgwNNNerSeMn5GqY4wNGZ+M:8u0lDIsJCggNNHzL3wc+
Threatray	1'091 similar samples on MalwareBazaar
TLSH	T1FFE362BF94ECE925E35AF8F06827E876120434C7AA0D527F5098B6BCF1275912D42F36
dhash icon	d4eac8cccce8e8d4 (7 x GuLoader)
Reporter	Racco42
Tags:	exe GuLoader jpg

Intelligence

File Origin

# of uploads :

1

# of downloads :

296

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

http___2.56.59.76_alig.jpg

Verdict:

No threats detected

Analysis date:

2021-08-02 14:29:20 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/51d93baa-14b7-4a24-baad-1d12f17511dc

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/175820/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a custom TCP request

Sending a UDP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/f55b4722-8d8a-43e5-9ecb-8faaafd7c8f7

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/825566

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Found malware configuration

Found potential dummy code loops (likely to delay analysis)

Machine Learning detection for sample

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Behaviour

Behavior Graph:

Detection:

guloader

Link:

https://mwdb.cert.pl/sample/bd068442713d668c544ed7c9b439e27121b33ac1573b12c95c7ff7ca8003d283/

Threat name:

Win32.Trojan.Mucc

Status:

Malicious

First seen:

2021-08-02 14:28:06 UTC

AV detection:

7 of 28 (25.00%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

0211865d58af36be2009eb29a77a400355a4cb7b8542d6359a6fa304c3f7d935

163b0dbdbeb27d581695908c409f25a926613547da8cc08e844e2a93307bd9aa

21f49ea6e105c22882a9fb0065803deee18eddb76767a30ddade2e2725eb65d9

27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20

6f06cf7295e9301a4358854569f7d53dcf77319a94a76b45e60ebc72b88c2087

895e7e85e398a6bd3615a8453c1ed21979a2676fa84af0e53077635f812b64fc

ab4d24e50b96e4358963a8232d7244c0aaf208cfec8c8d5022871547ed795fc9

b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57

d4dadc7dc5e003905cdd8f287bec1c4d751d8d9913689cb0894feb999917d791

ded1a64ebd165901f2a790ab8d7fd0aa3ae2f97738868d2d1add45e033efe738

+ 1'081 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210802-flak743q72/

Behaviour

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Guloader,Cloudeye

Unpacked files

SH256 hash:

bd068442713d668c544ed7c9b439e27121b33ac1573b12c95c7ff7ca8003d283

MD5 hash:

4cb9e2f765041f74d74e4635144ce621

SHA1 hash:

472ee254ad0196a8a80517d19d2d2f3f0df1fdd7

Link:

https://www.unpac.me/results/bdb97afe-22c4-43c1-bc92-bbf63173aaa7/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.05

Link:

https://yomi.yoroi.company/submissions/bd068442713d668c544ed7c9b439e27121b33ac1573b12c95c7ff7ca8003d283

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/175820/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample