MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8f2ef8abbb849d937c356d6ee6055d5675ddebf8ce6d332eec8cc9249104784. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c8f2ef8abbb849d937c356d6ee6055d5675ddebf8ce6d332eec8cc9249104784
SHA3-384 hash: 07bf05b24f1b072765203641d3880ae616acfb3be44b5432d4e816d1e9256541184e476a7bbf1c3ce0e78312242aa1e0
SHA1 hash: 3c8e55b57cbe64ee123e524d9ec4248d6b4b43ad
MD5 hash: 9eb81ca2a4c102db45d988ee72685ead
humanhash: social-lion-spaghetti-twelve
File name:Zahteva za ponudbo 07-10-2021·pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:151'552 bytes
First seen:2021-10-07 11:59:46 UTC
Last seen:2021-10-07 13:13:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7d08175a5c50907c8948c11ac22e7484 (2 x GuLoader)
ssdeep 1536:yvuMfB7mhCkwxs+to+zQMy33gaKBBeSiwRYh2cvieq2sS4NCkOD:/MJ7xHxhC+zTyn7KbYde2sXNC
Threatray 6'009 similar samples on MalwareBazaar
TLSH T16DE37D77B7518CA2E5A988350A97E822D08DFD12DA5E67B661C03E2D4E32DE5CC9070F
File icon (PE):PE icon
dhash icon c9f0dade93daccf9 (1 x GuLoader)
Reporter abuse_ch
Tags:exe geo GuLoader SVK

Intelligence

File Origin
# of uploads :
2
# of downloads :
204
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Zahteva za ponudbo 07-10-2021·pdf.exe
Verdict:
No threats detected
Analysis date:
2021-10-07 12:11:03 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/788f06f2-ab5a-42df-95f2-c30d673f9989

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/195833/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.25576.11494.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/615ee14698a6280f39339f15/reports/3b57a5dc-9deb-42c5-8242-c2d0cff3d571/overview
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d6b3dc30-a83c-48dd-8292-7b801c4a4d70
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/866376
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c8f2ef8abbb849d937c356d6ee6055d5675ddebf8ce6d332eec8cc9249104784/
Threat name:
Win32.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2021-10-07 12:00:06 UTC
AV detection:
17 of 27 (62.96%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zdzo7cv3xbe5sn6dk3lo4ycv2vtv3xv7rttngmxozdgjesiqi6ca._file
Verdict:
unknown
Similar samples:
47046d5dfe7ecf45e4c31f25b975af78684f9727b91a7d052b5731e95d2f0a4c
GuLoader
7afa7c7724abb034d3155e1e1fc1fd3f9961e56fd6119428d975d8aaee3070f9
GuLoader
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
GuLoader
9bdb2adacff9530fde8a0b020e84188b0b39995db62ba167608d8e2493bd3ee4
GuLoader
ae83f208925ec791bd10f37e0cd1bfc98473ea586c4814288a243c7d579c2e55
GuLoader
afc7d530c112b47cd33295262f533df60f12568ede477091434381b0d6a2cc8c
GuLoader
bd6cf98ff23cdad2f5bb43bb60e61275d8ad1ad7baeb609aa0a812fc048fede0
GuLoader
c3ca97abe1f0584928691bf13d02b25a4e20288a2477e466d67000c0bbe04df3
GuLoader
c565ce12f63b1cb897156e0234907a49517439247747cc7df5b69952c1e7ce43
GuLoader
db48dc160b1f48b8939b0d49c5f0bee2a28bc3b340cff62cea8da50424e1afea
GuLoader
+ 5'999 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/211007-n6bpwaceer/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent file
Guloader,Cloudeye
Unpacked files
SH256 hash:
49b04162c412105ab0857de16713724cbf3234a0b6ba51f3a5286312633f20c3
MD5 hash:
1f1b425190b2fb0396ad2d538b1060ba
SHA1 hash:
413f98641d46fdcabfcaf64f29495667de6282ea
Link:
https://www.unpac.me/results/f640a0bc-2f12-4b9e-b80f-2f4346a86e9b/
SH256 hash:
c8f2ef8abbb849d937c356d6ee6055d5675ddebf8ce6d332eec8cc9249104784
MD5 hash:
9eb81ca2a4c102db45d988ee72685ead
SHA1 hash:
3c8e55b57cbe64ee123e524d9ec4248d6b4b43ad
Link:
https://www.unpac.me/results/f640a0bc-2f12-4b9e-b80f-2f4346a86e9b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.16
Link:
https://yomi.yoroi.company/submissions/c8f2ef8abbb849d937c356d6ee6055d5675ddebf8ce6d332eec8cc9249104784

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/195833/

Comments