MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7d1295093d4112a976f0c13be811d2a1fb6dc5928e1fabefe7b1315f7b0e95f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7d1295093d4112a976f0c13be811d2a1fb6dc5928e1fabefe7b1315f7b0e95f
SHA3-384 hash: d967601cb901ffbe280b42215170eb0c6c9d971fd14bbdf99ea3d061d57f4e502e7ab490559ec6829a8836e2fa67e9f3
SHA1 hash: 8bd3a8d8e0f6a48b51e5b3fbc119b154304044ec
MD5 hash: 457fcb32ec7df1868df42f31cce2a301
humanhash: beer-violet-october-king
File name:457fcb32ec7df1868df42f31cce2a301
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2021-06-16 10:19:55 UTC
Last seen:2021-06-16 10:56:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d5d16d1b76210dd28c8586fe9bac3119 (4 x GuLoader)
ssdeep 1536:L10ol0/gh4343HqtCJWg4edfJPVo8xZSsIgO4jcYzy6ipu5W3EUanOYA2nJ29GLN:L6UdJ/4edfA0ZSsmVu5W3EUanOYA2nJn
Threatray 27 similar samples on MalwareBazaar
TLSH CA935B17FC04C924E5148A701F62D6893615BC3AC5449F3B32B87DEE1FB56A3B990F2A
Reporter zbetcheckin
Tags:32 exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
220
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
457fcb32ec7df1868df42f31cce2a301
Verdict:
No threats detected
Analysis date:
2021-06-16 10:31:54 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/63610799-cae6-43fc-bdd0-a22d90c77147

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.9947.286.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/776a3807-2075-4bbb-8883-e3b4af94c80a
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/802930
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/c7d1295093d4112a976f0c13be811d2a1fb6dc5928e1fabefe7b1315f7b0e95f/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-06-16 05:08:43 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
7 of 29 (24.14%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=y7issuet2qisvf3pbqj35ai5fip3nxczfdq7vpx6pmjrl55q5fpq._file
Verdict:
malicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
250d4d5045162c39e3c1b9d637e0188089299a04106202afdf1f4826d24e27f4
GuLoader
2cad3c6af2167827f44f2d53c36b8aed25c361cbe90b030a024dd13ecc649d7f
GuLoader
34a666042ff3ad45f4e1e37776cc55d4f4fdd1bcd8233852839d55fc076410d1
GuLoader
440c2d0c62161b08e0967177bfb26f1a23df2bfdba7959c0b3bc53288eb27d82
GuLoader
96b039e90a18d1183d57eacf36c820ccf5526ab01cb498a78468fc4b8181265c
GuLoader
96bba127b43b518ff8714242dee393e5aa7aabff75a6df80cf45d9da1dbbdc94
GuLoader
a8e6e412124de36b6966b70da1880ef27a56f377aa82062700a9325c341054f7
GuLoader
ad3cc0c05d4a7f42dba42a7bc414b78d50e3279d4ac40cdeda7d893c50020231
GuLoader
cbf57cc719888dac0ce1630ed61752c1689e624174b8bf6c6e1130c2b897fb7e
GuLoader
d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb
GuLoader
+ 17 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210616-61ycrpj3jj/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://bara-seck.com/bin_dwjDbyFc82.bin
http://benvenuti.rs/wp-content/bin_dwjDbyFc82.bin
Unpacked files
SH256 hash:
c7d1295093d4112a976f0c13be811d2a1fb6dc5928e1fabefe7b1315f7b0e95f
MD5 hash:
457fcb32ec7df1868df42f31cce2a301
SHA1 hash:
8bd3a8d8e0f6a48b51e5b3fbc119b154304044ec
Link:
https://www.unpac.me/results/c60f488e-869d-40a3-a4f2-55b4bcda8e6d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
GuLoader
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c7d1295093d4112a976f0c13be811d2a1fb6dc5928e1fabefe7b1315f7b0e95f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe c7d1295093d4112a976f0c13be811d2a1fb6dc5928e1fabefe7b1315f7b0e95f

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1367787/
  
URLhaus
https://urlhaus.abuse.ch/url/1371440/

Comments