MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bffbffc2b1be154742fb81ecea14cb779b8fd81581ffce2855cf588f21a8020f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	bffbffc2b1be154742fb81ecea14cb779b8fd81581ffce2855cf588f21a8020f
SHA3-384 hash:	9a1ab37b8d241ba1f42c7bdbd34b461b180ec9166b727105801e88b3d3798aaec571168cd859963bee44789a4260c9fb
SHA1 hash:	931518250bed6cd21b6cab529ed3ad9ead83cdcf
MD5 hash:	2fca7a3e51417ee2e8aefafede0847d9
humanhash:	ceiling-music-failed-sixteen
File name:	Hesap Hareketleri 28-09-2021.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	90'112 bytes
First seen:	2021-09-28 05:54:55 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e73b8c032c82c64991ebe487a7ffcd43 (12 x GuLoader)
ssdeep	1536:tM0wFjVxFXrMGm0tEM5eoz/s74HEgKhs:tM0wFjV7XrXltPXs7SJgs
Threatray	5'550 similar samples on MalwareBazaar
TLSH	T169935BEA76D4AEB4FF008AF40CBD5978092B7B1C85612E63FC4D291959E67940CE132F
File icon (PE):
dhash icon	a01cb88c8c8c8cb0 (12 x GuLoader, 1 x RemcosRAT)
Reporter	abuse_ch
Tags:	exe geo GuLoader TUR

Intelligence

File Origin

# of uploads :

# of downloads :

142

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Hesap Hareketleri 28-09-2021.exe

Verdict:

No threats detected

Analysis date:

2021-09-28 06:00:18 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/6936ff2e-1312-466f-bf7d-f84e885cb70d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/192336/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.26193.26.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/8d5eb618-78da-4ea9-a26b-d395ed5b02b1

Result

Threat name:

AgentTesla GuLoader

Detection:

malicious

Classification:

troj.evad.spre.spyw

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/859520

Signature

Antivirus / Scanner detection for submitted sample

Found malware configuration

Hides threads from debuggers

Multi AV Scanner detection for submitted file

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Sigma detected: RegAsm connects to smtp port

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to steal Mail credentials (via file access)

Writes to foreign memory regions

Yara detected AgentTesla

Yara detected GuLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bffbffc2b1be154742fb81ecea14cb779b8fd81581ffce2855cf588f21a8020f/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2021-09-28 01:03:16 UTC

AV detection:

12 of 45 (26.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=x7577qvrxykuoqx3qhwoufglo6ny7wavqh744kcvz5mi6iniaihq._file

Verdict:

unknown

GuLoader

14eb827b600c3f7ccf2af766d0fec868e6b0467eba9264f19b75427f95ef7cfa

GuLoader

2bd846bdda945dc48a21c9bda1497feb9e67df8cfb024cc8669041490c7c9a90

GuLoader

47d8b37351178ed6a40a269f3f42eb23fa0780a9a93098439275f7e66897a924

GuLoader

74484ebd3d27d09c34df24fc16ef5ce34a5f4d337c32d1dad9f3ee3e717f0ba3

GuLoader

a393c2aa773ef090f5e907c90c5cf90d67c2b6db2a2ffedac0b75c748f3a7b45

GuLoader

c0d3da1cefd1a979c8b8ce102fd5d3ff090779f72f4d1098eb383cbbb3480bee

GuLoader

dd996392170826c47b9ab378464423e470a1bdfdff7bcd183c61e3e7896d4326

GuLoader

e49ff3e9ecbbe320e8cd29470d13b72643674b66e75ab5a824dda36eef6bf05e

GuLoader

+ 5'540 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210928-gmgy8aagbj/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

bffbffc2b1be154742fb81ecea14cb779b8fd81581ffce2855cf588f21a8020f

MD5 hash:

2fca7a3e51417ee2e8aefafede0847d9

SHA1 hash:

931518250bed6cd21b6cab529ed3ad9ead83cdcf

Link:

https://www.unpac.me/results/316b2726-29a9-476a-90c5-f564e324ebc5/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/bffbffc2b1be154742fb81ecea14cb779b8fd81581ffce2855cf588f21a8020f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/192336/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample