MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c28bfc6622b79ac2f1b1d57425553dd13c14648be45776e5070f78624b4ae1b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	c28bfc6622b79ac2f1b1d57425553dd13c14648be45776e5070f78624b4ae1b8
SHA3-384 hash:	062e910ca9769285c6c18ce1c5e1f7f4a7215a02dd8c92502c566cdfe4161669b7cca56a9951033c3d184e438f95e859
SHA1 hash:	17953332e2be3d865185b953ef8c679699bbe1e2
MD5 hash:	592a4ec48ecf1aa1547a97ad42cfa916
humanhash:	california-louisiana-uniform-florida
File name:	Piked1.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	135'304 bytes
First seen:	2022-02-10 06:09:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	56a78d55f3f7af51443e58e0ce2fb5f6 (719 x GuLoader, 451 x Formbook, 295 x Loki)
ssdeep	3072:WbG7N2kDTHUpouKQEqoCPPC0lxvEvS+3goePPfSX:WbE/HUdEoPC03Z+3CHfSX
Threatray	1'546 similar samples on MalwareBazaar
TLSH	T1ABD3E0213764C426D9B103306974E73A9FBABCAA62619E8337D03F5B7E732418A1F715
File icon (PE):
dhash icon	60f0e47c3894e039 (2 x GuLoader)
Reporter	abuse_ch
Tags:	exe GuLoader signed

Code Signing Certificate

Organisation:	VEGETARIANISMENS
Issuer:	VEGETARIANISMENS
Algorithm:	sha256WithRSAEncryption
Valid from:	2022-02-10T04:32:50Z
Valid to:	2023-02-10T04:32:50Z
Serial number:	00
Intelligence:	325 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist:	This certificate is on the Cert Central blocklist
Thumbprint Algorithm:	SHA256
Thumbprint:	1e3814ef822435a4cc473de6b6810efabd5eb2687aac0fc04c431e996b4b432d
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

1

# of downloads :

277

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/240126/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Searching for the window

Creating a file in the %temp% directory

Creating a file

DNS request

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

control.exe overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/6204ac4136f992191835d7d5/reports/126a5cd0-a9a0-4116-80fb-a1d4b071976a/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

GuLoader

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/66f1b9c0-7ab8-4c77-916c-69e19fd3f6c0

Result

Threat name:

Unknown

Detection:

suspicious

Classification:

evad

Score:

25 / 100

Link:

https://www.joesandbox.com/analysis/937354

Signature

Tries to detect virtualization through RDTSC time measurements

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c28bfc6622b79ac2f1b1d57425553dd13c14648be45776e5070f78624b4ae1b8/

Threat name:

Win32.Downloader.GuLoader

Status:

Malicious

First seen:

2022-02-10 06:10:20 UTC

File Type:

PE (Exe)

Extracted files:

4

AV detection:

3 of 28 (10.71%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ykf7yzrcw6nmf4nr2v2ckvj52e6bizel4rlxnzihb54ges2k4g4a._file

Verdict:

suspicious

Label(s):

cloudeye

Similar samples:

00caa54a646237cf00f305613cdd9e0e8dd8e4dcd9706bbdfc71e22f6e673683

10f957f6ae25382ddca0fc6fbd364f20d6e4cfa2f49728167bc1504cd3be0c46

4959de8067a62478d5192edb0c7822484ea3f75c643100b4c73b0165eadd8911

4fa28556557b228a0cabb6a51597217e09afdf58a140b1181f0bd8325e6e4d0f

7768da29cc4ef93cb4790f664e139d1d8c2972e22fe8840b6b86c50e15dba347

7916f9aeaf36a8fec95e5a5cb7372f509e6597d3b8648a636b425f382e6993f8

c5072b4120ac9daa3dc0e000cce9e6d6e3a1ca01fed779e0b43d877a744409cd

c5c0fbca778f53dc085d84ad3f038e4a20bce7add5f07012594194bc3bca522a

+ 1'536 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/220210-gw3bhsfac4/

Behaviour

Suspicious use of AdjustPrivilegeToken

Enumerates physical storage devices

Drops file in Windows directory

Loads dropped DLL

Guloader,Cloudeye

Unpacked files

SH256 hash:

8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

MD5 hash:

cff85c549d536f651d4fb8387f1976f2

SHA1 hash:

d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

Link:

https://www.unpac.me/results/2704ed49-9fea-4245-873d-dc7ca84f3428/

SH256 hash:

c28bfc6622b79ac2f1b1d57425553dd13c14648be45776e5070f78624b4ae1b8

MD5 hash:

592a4ec48ecf1aa1547a97ad42cfa916

SHA1 hash:

17953332e2be3d865185b953ef8c679699bbe1e2

Link:

https://www.unpac.me/results/2704ed49-9fea-4245-873d-dc7ca84f3428/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/240126/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample