MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3935d8d7f8242fcba2abf1097257efc849949dd2e3abea70e57957243436e63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c3935d8d7f8242fcba2abf1097257efc849949dd2e3abea70e57957243436e63
SHA3-384 hash: cf634cbfed5101b5d814272b824e3bc08cdef464f4e0e17c27384bf2a5f2f9e89b3b39058936329bb3232f4d99953d90
SHA1 hash: 820e5d1d1f6deed724d23b511d6952accba51943
MD5 hash: c2101c1a7e7fd03f7071607fefdf0eec
humanhash: seventeen-avocado-mars-princess
File name:c2101c1a7e7fd03f7071607fefdf0eec.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:106'496 bytes
First seen:2021-02-17 18:08:52 UTC
Last seen:2021-02-17 19:56:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 28cfb83efbb0b6bd426b66f31651da5c (16 x GuLoader, 1 x RemcosRAT)
ssdeep 768:867RxAIrSsR4w/eP+7iRa1eRhawHDxZK6LW9jiB6UJjy8px0kyYkca16Yg:N6k48ePPaAnHDWNC6Ey8px0kBkca163
Threatray 4'764 similar samples on MalwareBazaar
TLSH 2EA3B472B954CCBAD04484314512F7AC0527BF3288849E6FBACDBB5E1F776D2A490E1B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://mtspsmjeli.sch.id/cl/Gee_remcos%202020_XXyaeeRajP35.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
160
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Razy.843298.32458.16125.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/610704
Signature
Found potential dummy code loops (likely to delay analysis)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c3935d8d7f8242fcba2abf1097257efc849949dd2e3abea70e57957243436e63/
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2021-02-17 18:09:06 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yojv3dl7qjbpzorkx4ijojl67scjsso5fy5l5jyok6kxeq2dnzrq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0074b4e19d6ad55ab6573d7522ead0f75a84b866611cc8133d08b5800e3bb32a
GuLoader
1289d591984de5325235e57987ab171b4ae3f9d55baf3476087677805922427f
GuLoader
17314d9e48839344dafc7dbdb9af89ad08603a106fb09eda8f74af42dd8a8252
GuLoader
21afff77ea0ce89dca2d925ed0d8b5a61f7ab42ca9aca78019843e9e251bbcb3
GuLoader
7c38d073b77ff7afc8f65aac812316d0fa9356115f1f3e78aca9fd496d177cad
GuLoader
91db926d13bb0137347991e30a1ccd093e535ff375e102bfd44d9aae15650d21
GuLoader
abd1efbc5426f71f61487986b017c56c6e4d88a7c059cb77284b30607965722f
GuLoader
bbab8de2b5423859a65ec7bd98d6200c7e82798851c6fbb48bac1119da8bb5ed
GuLoader
deb7f6e76d0d27a58d7eb53380b8f399d81caa842fe188830327b9aad82afdb0
GuLoader
ed081d99724673a343863138b3eac0fbe402c8ba256cc466c535d3e7133187d1
GuLoader
+ 4'754 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210217-sycl7pehxa/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
c3935d8d7f8242fcba2abf1097257efc849949dd2e3abea70e57957243436e63
MD5 hash:
c2101c1a7e7fd03f7071607fefdf0eec
SHA1 hash:
820e5d1d1f6deed724d23b511d6952accba51943
Link:
https://www.unpac.me/results/a8f10869-1424-443d-a921-37d84f73bce6/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe c3935d8d7f8242fcba2abf1097257efc849949dd2e3abea70e57957243436e63

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1016339/
  
URLhaus
https://urlhaus.abuse.ch/url/1015551/
  
Delivery method
Distributed via web download

Comments