MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2c6dbfb6b0c03a22473c7f2f6cbfe0bbf500c795b920ddeb37c27af7de76d93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c2c6dbfb6b0c03a22473c7f2f6cbfe0bbf500c795b920ddeb37c27af7de76d93
SHA3-384 hash: aa03b0c835f71f356e151410095d065322edc159cfaf3b452f3d1ea2069427b90f21151a89eac46b31e01fea721ea567
SHA1 hash: 77b2d72903e4fafda700de58b6803e79f8f8ae21
MD5 hash: e7eeebf0997168b2a53db6b4f49ff73d
humanhash: twelve-oxygen-magnesium-cat
File name:SecuriteInfo.com.Gen.Variant.Nemesis.10034.32600.31684
Download: download sample
Signature GuLoader
Create hunting rule
File size:313'472 bytes
First seen:2022-08-18 10:40:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4ea4df5d94204fc550be1874e1b77ea7 (241 x GuLoader, 29 x RemcosRAT, 17 x VIPKeylogger)
ssdeep 6144:XB+pgULLC8wSCdNcHsJHQ67OVa+ib+2VMo+dMRe/n:XgDL3wdis/7V+ib+8hsv
Threatray 5'465 similar samples on MalwareBazaar
TLSH T1C064F1423392EC13D7501B30D856E77A8A68EF953D25CA077774AFCFBA607629809363
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter SecuriteInfoCom
Tags:exe GuLoader signed

Code Signing Certificate

Organisation:downsized Activise Snkendes
Issuer:downsized Activise Snkendes
Algorithm:sha256WithRSAEncryption
Valid from:2021-12-26T02:51:35Z
Valid to:2024-12-25T02:51:35Z
Serial number: -5ae3a272ae17409c
Thumbprint Algorithm:SHA256
Thumbprint: 54b7c2fa11cf6253a7825327a61ed6b4c0d8637626c1b81cd43e3aad6ac4e8e7
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
352
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Gen.Variant.Nemesis.10034.32600.31684
Verdict:
Malicious activity
Analysis date:
2022-08-18 10:41:23 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5c30665a-bd6a-42c0-9d0f-0dec22ba4487

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/299573/
Detection(s):
SecuriteInfo.com.Gen.Variant.Nemesis.10034.32600.31684.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for the Windows task manager window
Launching a process
Creating a process with a hidden window
Sending a custom TCP request
Creating a file in the %temp% directory
Creating a window
Creating a file
Creating a file in the %AppData% subdirectories
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/29402/overview
Behaviour
MalwareBazaar
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/62fe17bbeb0bf1e2c6e84a26/reports/7f1c03b2-3210-4111-9f1b-2833e3f9f8be/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/8496ad5c-84b4-4609-9927-b599149be613
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1053741
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 686258 Sample: SecuriteInfo.com.Gen.Varian... Startdate: 18/08/2022 Architecture: WINDOWS Score: 48 24 Multi AV Scanner detection for submitted file 2->24 7 SecuriteInfo.com.Gen.Variant.Nemesis.10034.32600.exe 3 36 2->7         started        process3 file4 18 C:\Users\user\...\ArmouryCrate.DenoiseAI.exe, PE32+ 7->18 dropped 20 C:\Users\user\AppData\Local\...\nsExec.dll, PE32 7->20 dropped 22 C:\Users\user\AppData\Local\...\System.dll, PE32 7->22 dropped 10 powershell.exe 9 7->10         started        12 powershell.exe 8 7->12         started        process5 process6 14 conhost.exe 10->14         started        16 conhost.exe 12->16         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c2c6dbfb6b0c03a22473c7f2f6cbfe0bbf500c795b920ddeb37c27af7de76d93/
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2022-08-18 10:41:08 UTC
File Type:
PE (Exe)
Extracted files:
13
AV detection:
16 of 25 (64.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yldnx63lbqb2ejdty7zpns76bo7vaddzloja3xvtpqt267phnwjq._file
Verdict:
unknown
Similar samples:
011bc5d6f824739b9ce820b2bc4a439a0d875427b9dc73a32797643276b50880
GuLoader
2f5639932c7a25cf51737748cdc495367a9203e0a963f930f0009935109da190
GuLoader
3d98372c6a97d777c51dc68da43d45b9183ceef3219df340a76aef12f6967555
GuLoader
42568b23642c3e00e11b6cec958a4395b96538b04148b9855b4881392dce66d1
GuLoader
8287f37fbd5697059ed98cd9b6b925c832fe6b229c035354e588e8a8793f9590
GuLoader
8e775324fc69a677394cf6d079d1d45bf53af10acd683bda53e5f86a8a192393
GuLoader
d4405060b30fab298c2747fc58ec301dfa160be2df3e335a78900fac044a2493
GuLoader
d5a8b6cb7b39d6f71ce67c6c8e17030079f2778087ee12c0ad45bd823f7bd53c
GuLoader
d789a675b16eca7a3d78fffd03d6dfc18a396d6eac4da2472b99700ff1cb09c7
GuLoader
f48f29b77d06f3c8617af598413f5b697a3c0569d6ac959e80fec1a4ea499cea
GuLoader
+ 5'455 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/220818-mq39hsdcar/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in Windows directory
Loads dropped DLL
Guloader,Cloudeye
Unpacked files
SH256 hash:
7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7
MD5 hash:
c5b9fe538654a5a259cf64c2455c5426
SHA1 hash:
db45505fa041af025de53a0580758f3694b9444a
Link:
https://www.unpac.me/results/7a694550-b5a0-45b8-bfed-08299b87d1df/
SH256 hash:
067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a
MD5 hash:
0d45588070cf728359055f776af16ec4
SHA1 hash:
c4375ceb2883dee74632e81addbfa4e8b0c6d84a
Link:
https://www.unpac.me/results/7a694550-b5a0-45b8-bfed-08299b87d1df/
SH256 hash:
2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc
MD5 hash:
a4dd044bcd94e9b3370ccf095b31f896
SHA1 hash:
17c78201323ab2095bc53184aa8267c9187d5173
Link:
https://www.unpac.me/results/7a694550-b5a0-45b8-bfed-08299b87d1df/
SH256 hash:
8c6a95a1bf06c22224ab43bc1a1948f2cb0fd8d7089f2b828033c0fde161d2c2
MD5 hash:
d5bf01b2a316120d3d906e48e850520e
SHA1 hash:
a0e2f1caca1d35c227d231e6063d71ffe1d06322
Link:
https://www.unpac.me/results/7a694550-b5a0-45b8-bfed-08299b87d1df/
SH256 hash:
c2c6dbfb6b0c03a22473c7f2f6cbfe0bbf500c795b920ddeb37c27af7de76d93
MD5 hash:
e7eeebf0997168b2a53db6b4f49ff73d
SHA1 hash:
77b2d72903e4fafda700de58b6803e79f8f8ae21
Link:
https://www.unpac.me/results/7a694550-b5a0-45b8-bfed-08299b87d1df/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.74
Link:
https://yomi.yoroi.company/submissions/c2c6dbfb6b0c03a22473c7f2f6cbfe0bbf500c795b920ddeb37c27af7de76d93

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/299573/

Comments