MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c15809e8ecf7f049f4793bd618212fdc2077fce1a626b59e152fbc1bdad41485. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	c15809e8ecf7f049f4793bd618212fdc2077fce1a626b59e152fbc1bdad41485
SHA3-384 hash:	2a5679bca20a6b2f7323da3a443e674ed223ad32743c0c78009958dc0bec2a19c5205842d7e1661d34494a68fcf5f7c9
SHA1 hash:	d85dbd318bcf14667a5feef9237db4f84a627f75
MD5 hash:	5cf27ec755267b1f7e443c9f2f45e627
humanhash:	ten-oxygen-triple-alanine
File name:	5cf27ec755267b1f7e443c9f2f45e627
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	212'992 bytes
First seen:	2021-06-18 07:39:06 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	736ed7b0c5ed5ff5a7eaab3e77ea63b1 (1 x GuLoader)
ssdeep	6144:8gHI97MiB6PZJH1SSgKNrl3mzF368zcQDPcuxf6SOX+3skfNdZu8faYVGoK28ZL0:Q97MiB6PZJH1SSgKtl3mzF368zcQDPcE
Threatray	5'137 similar samples on MalwareBazaar
TLSH	5C24B71AB978A4EAF81190F8FC65E2CF12513F736D2B1D07F6C23B45A03955B95B0A13
Reporter	zbetcheckin
Tags:	32 exe GuLoader

Intelligence

File Origin

# of uploads :

1

# of downloads :

219

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

5cf27ec755267b1f7e443c9f2f45e627

Verdict:

No threats detected

Analysis date:

2021-06-18 07:40:52 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/aae41d20-9ca6-495e-a935-053f2f6be44d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Guloader

Link:

https://www.capesandbox.com/analysis/166785/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.1864.2921.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/0dcd3db3-e408-430e-bf85-e57a9d84982b

Result

Threat name:

Unknown

Detection:

malicious

Classification:

rans.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/804189

Signature

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Multi AV Scanner detection for submitted file

Potential malicious icon found

Tries to detect virtualization through RDTSC time measurements

Behaviour

Behavior Graph:

Detection:

guloader

Link:

https://mwdb.cert.pl/sample/c15809e8ecf7f049f4793bd618212fdc2077fce1a626b59e152fbc1bdad41485/

Verdict:

unknown

Similar samples:

1c958bc2a268ce3f104a35882f694f8bead71015937bfb99b0986400ab29d703

2b63f1488d9a8396513a3dd2ca07b44adee4b1187dc5e6d94934ed6271e76f5d

311bf44fb33aa4661e8630fcb2830f22714427133527c1768f0b0ceaad502533

60fe4a1f0ed577bfa8d10195a3d1123b0a7ab551d3579686ee6ac6bc18282fe5

926509aff0ec48ac354fe49b372f8e2b8d05fe97ba5a1828b422ca75b95cb0ea

97c784403f83adbd7a4b8142c3e69e9acba2898d7293063a07b58ea35dff7b39

9a825ee20f777192913e6c02d8038cdb34907bbcfdec074f664516668f7d1339

bc630e07cf99324ac65fb506e9d54bbd6d405887070604e00d98c52ba60d64c1

c1e5c1bac3cb433dc33547887f053aa89c2f2abcd1fce47c12d50b91f35069eb

ea36f17e9a118b567da5b9be48f13527cdd109da17d5e5abb0809f9356622f9b

+ 5'127 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210618-gh4a9tfa12/

Behaviour

Suspicious use of SetWindowsHookEx

Drops file in Windows directory

Guloader,Cloudeye

Malware Config

C2 Extraction:

http://farmersschool.ge/bin_yJgBq177.bin
http://benvenuti.rs/wp-content/bin_yJgBq177.bin

Unpacked files

SH256 hash:

c15809e8ecf7f049f4793bd618212fdc2077fce1a626b59e152fbc1bdad41485

MD5 hash:

5cf27ec755267b1f7e443c9f2f45e627

SHA1 hash:

d85dbd318bcf14667a5feef9237db4f84a627f75

Link:

https://www.unpac.me/results/81e4d76c-0db5-4564-9ce5-540c17544412/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/c15809e8ecf7f049f4793bd618212fdc2077fce1a626b59e152fbc1bdad41485

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe c15809e8ecf7f049f4793bd618212fdc2077fce1a626b59e152fbc1bdad41485

(this sample)

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/166785/

URLhaus

https://urlhaus.abuse.ch/url/1375311/

URLhaus

https://urlhaus.abuse.ch/url/1375313/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample