MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c406f350618ef9ed643059f1a264ddf8e111fdf8ab23f64ba0b6a409d02a4ac7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c406f350618ef9ed643059f1a264ddf8e111fdf8ab23f64ba0b6a409d02a4ac7
SHA3-384 hash: 21ac14831c681ceab9665dd617a5ee2ef5d359306038e34bec22697e07f2bbe834a205a265717af232028379f62c189b
SHA1 hash: 9d50e9c4e7953570aab0d7f6e5daef85ce7cb747
MD5 hash: 717bc63d6121cfa36b2b8123ecccc686
humanhash: nevada-carbon-saturn-social
File name:wheatstag.png.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-09-10 13:29:27 UTC
Last seen:2020-09-10 14:45:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 94f84430c84cb697bf0b54b63d9a19fb (1 x GuLoader)
ssdeep 768:2NPBYZCw4UBt0p1SxWRf5W8klPW1PQE96vg2tv0pjh82QLDJwn9vnkB:owrvI1V188kRWi0utvaODa9vA
TLSH E7538DA2E494B5B6E3A5CAF14F744BA411BFFC612500C71325987B5A0F7FB08C96932E
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
240
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/58411/
Detection(s):
SecuriteInfo.com.FileRepMalware.22877.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/463217
Signature
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Uses an obfuscated file name to hide its real file extension (double extension)
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c406f350618ef9ed643059f1a264ddf8e111fdf8ab23f64ba0b6a409d02a4ac7/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-09-10 05:31:50 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yqdpgudbr3462zbqlhy2ezg57dqrd7pyvmr7ms5aw2satubkjldq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/200910-x7gnwzpakj/
Behaviour
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Drops file in Windows directory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c406f350618ef9ed643059f1a264ddf8e111fdf8ab23f64ba0b6a409d02a4ac7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/58411/

Comments