MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2c1253d4a7c1f69561044a12333f93b9a5219b9ee4555491085d978814ae0de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c2c1253d4a7c1f69561044a12333f93b9a5219b9ee4555491085d978814ae0de
SHA3-384 hash: c9100d196cde24910aa07a42f32489bb96e752abf6b2a6909711ac124c952519b135fb20a6ad4b876dfaad9a84968961
SHA1 hash: b505d889461afa0d7b2904f9f934d62bc2c51b82
MD5 hash: f50bc676c142d6f660ad63d8748192ae
humanhash: hawaii-kilo-three-september
File name:Tykhuder.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:147'456 bytes
First seen:2021-04-13 05:47:49 UTC
Last seen:2021-04-13 07:03:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 879f5bbda1e2f48716a0325e5b7fa215 (2 x GuLoader)
ssdeep 1536:1v0qlccS5y2h2vL2M/FPVm9vR4kIXvBAUwLN6IxOEcacLSPVm9vDd2Mf2v:Sqyjy2x8VmvI/BAUC6rEcacLOVmy
Threatray 8 similar samples on MalwareBazaar
TLSH E2E30AA0FB73A523D091C2B5560B51688295FE329ED421A3EEC1BF2E39301D1D462F77
Reporter fabjer
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
257
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Tykhuder.exe
Verdict:
No threats detected
Analysis date:
2021-04-13 05:51:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6fb2115a-6f79-4424-a20b-a570c7e75c2e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/133888/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.30262.20599.13508.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4427e8bf-8203-4ce6-9f27-2334bf8fc622
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/673828
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c2c1253d4a7c1f69561044a12333f93b9a5219b9ee4555491085d978814ae0de/
Threat name:
Win32.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2021-04-12 19:42:02 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ylaskpkkpqpwsvqqisqsgm7zhonfegnz5zcvksiqqxmxrakk4dpa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
45b6514aad30eb4fafa445c6ce8f1fa69e6b4f568f5e05a74e999c295487b850
GuLoader
7eaa2c0c3cd26e9495e9de67413f860820a713141429e921861d239d80475df3
GuLoader
863e79eefbefca07f2b0ff5689d6421ab1ec334b19466e066c744a8ad8495ad6
GuLoader
8939f7bfa3b5c5afeeab65dc9958edda8dd67f0c1e54f75e9205f0eaf3f8adcd
GuLoader
b2c267c3ef336e879f1ecec51c36a5ad720222410a6ee3e1b0b8823b659f1915
GuLoader
b38e4017409179a0ce847e5951e61479128caaaa7a721bf1acbece8dfc7ccc54
GuLoader
b8d430b1bdab27f5308b0f3817a50718dc72c01f0a126c44c15e0959efd3f588
GuLoader
d6126052ac0b62aadfefafcad46980f864cd94c47c6096cc32f17d99f04a5fbf
GuLoader
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader guloader
Link:
https://tria.ge/reports/210413-m51x1dklss/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader Payload
Guloader,Cloudeye
Unpacked files
SH256 hash:
c2c1253d4a7c1f69561044a12333f93b9a5219b9ee4555491085d978814ae0de
MD5 hash:
f50bc676c142d6f660ad63d8748192ae
SHA1 hash:
b505d889461afa0d7b2904f9f934d62bc2c51b82
Link:
https://www.unpac.me/results/59f38eed-c4d0-43a5-bcb2-43ed06414b35/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Remcos
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c2c1253d4a7c1f69561044a12333f93b9a5219b9ee4555491085d978814ae0de

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 0a482ba55509a726553b330a4c2fd71e6142542ddff387c0c34700ea0835ef9b

GuLoader

Executable exe c2c1253d4a7c1f69561044a12333f93b9a5219b9ee4555491085d978814ae0de

(this sample)

  
Dropped by
SHA256 0a482ba55509a726553b330a4c2fd71e6142542ddff387c0c34700ea0835ef9b
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/133888/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-04-14 09:45:32 UTC

================================================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
================================================================================
0) [C0019] Data Micro-objective::Check String