MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfcd5670bfa7bc6ccbf5d9b13ef3993e852f40b1d77b6854c99d1cee1558e78a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bfcd5670bfa7bc6ccbf5d9b13ef3993e852f40b1d77b6854c99d1cee1558e78a
SHA3-384 hash: b455ca01c0f4693cc173da6f015c81b91481d862e9a1863bc380d7bd88a2a106b1b02a84adb874bf24aeca63d9e90143
SHA1 hash: 2d3f4855562de804153db5903fe2e677b97316c2
MD5 hash: 8061f2156b3fee2aafe82dac1a75f275
humanhash: nineteen-eighteen-snake-massachusetts
File name:Pending Orders.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:296'160 bytes
First seen:2022-02-10 21:37:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 56a78d55f3f7af51443e58e0ce2fb5f6 (720 x GuLoader, 451 x Formbook, 295 x Loki)
ssdeep 6144:nbE/HUggnZO8ybzEiiY39oTefazVImrfzpf7JGeiA4nfiWW6Y/Y:nb8gnZOJi+o6fazVIwfzXIA4qF/Y
Threatray 1'552 similar samples on MalwareBazaar
TLSH T1E254F1A0F3409CA5E95243B98572EA36499BFD2614B04A4B13E93D3BB9337D3546BF03
File icon (PE):PE icon
dhash icon 00fcfcfce4e4fcfc (3 x GuLoader)
Reporter TeamDreier
Tags:exe GuLoader Mcphail signed

Code Signing Certificate

Organisation:Mcphail
Issuer:Mcphail
Algorithm:sha256WithRSAEncryption
Valid from:2022-02-09T08:11:26Z
Valid to:2023-02-09T08:11:26Z
Serial number: 00
Intelligence: 325 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist:This certificate is on the Cert Central blocklist
Thumbprint Algorithm:SHA256
Thumbprint: 981328b2931fa5cfc4574299189d2074603084adee3791e52bf83f8737fb05db
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
359
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/240765/
Detection(s):
SecuriteInfo.com.Win32.Outbreak.17193.22394.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Creating a file
DNS request
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/620585ca45ddfa2e18bd2f94/reports/8f7c33a0-38b1-4877-b6d9-35adbb7a248a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/61288903-9a7f-48eb-ac20-a5122eac9b3c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/938016
Signature
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bfcd5670bfa7bc6ccbf5d9b13ef3993e852f40b1d77b6854c99d1cee1558e78a/
Threat name:
Win32.Downloader.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2022-02-10 05:01:03 UTC
File Type:
PE (Exe)
Extracted files:
28
AV detection:
14 of 28 (50.00%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x7gvm4f7u66gzs7v3gyt544zh2cs6qfr255wqvgjtuoo4fky46fa._file
Verdict:
malicious
Similar samples:
00caa54a646237cf00f305613cdd9e0e8dd8e4dcd9706bbdfc71e22f6e673683
GuLoader
10f957f6ae25382ddca0fc6fbd364f20d6e4cfa2f49728167bc1504cd3be0c46
GuLoader
4959de8067a62478d5192edb0c7822484ea3f75c643100b4c73b0165eadd8911
GuLoader
4fa28556557b228a0cabb6a51597217e09afdf58a140b1181f0bd8325e6e4d0f
GuLoader
7768da29cc4ef93cb4790f664e139d1d8c2972e22fe8840b6b86c50e15dba347
GuLoader
7916f9aeaf36a8fec95e5a5cb7372f509e6597d3b8648a636b425f382e6993f8
GuLoader
c5072b4120ac9daa3dc0e000cce9e6d6e3a1ca01fed779e0b43d877a744409cd
GuLoader
c5c0fbca778f53dc085d84ad3f038e4a20bce7add5f07012594194bc3bca522a
GuLoader
+ 1'542 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/220210-1g2wzshch7/
Behaviour
Suspicious use of AdjustPrivilegeToken
Enumerates physical storage devices
Drops file in Windows directory
Loads dropped DLL
Guloader,Cloudeye
Unpacked files
SH256 hash:
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
MD5 hash:
cff85c549d536f651d4fb8387f1976f2
SHA1 hash:
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
Link:
https://www.unpac.me/results/874b995b-db6f-4b6f-a44b-9ff7c1476788/
SH256 hash:
bfcd5670bfa7bc6ccbf5d9b13ef3993e852f40b1d77b6854c99d1cee1558e78a
MD5 hash:
8061f2156b3fee2aafe82dac1a75f275
SHA1 hash:
2d3f4855562de804153db5903fe2e677b97316c2
Link:
https://www.unpac.me/results/874b995b-db6f-4b6f-a44b-9ff7c1476788/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:exec_macros
Create hunting rule
Author:ddvvmmzz
Description:exec macros

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe bfcd5670bfa7bc6ccbf5d9b13ef3993e852f40b1d77b6854c99d1cee1558e78a

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/240765/

Comments