MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c943a100bc29344a690516900fd3fc830c0af1646499ade9e082e76cdf45901f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c943a100bc29344a690516900fd3fc830c0af1646499ade9e082e76cdf45901f
SHA3-384 hash: 96ad8b01727462c1e9c9265b92b101c4010fa55af37a96fba9030f6081803e31b5eb4f40f39dd1e9057dd75e196b84f2
SHA1 hash: ba23c887a76de98f8321f73885ec5cf1e8d9a496
MD5 hash: c759aee39e99516871119cb4f8e0603c
humanhash: saturn-floor-colorado-yankee
File name:QUOTE_USD67,000-INV.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:204'800 bytes
First seen:2021-05-18 05:30:57 UTC
Last seen:2021-05-18 06:47:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e5eb49e3354241ad00a42b392681b7c7 (1 x GuLoader)
ssdeep 1536:I2L7+tPV3Di47/vQYWyy4zPYeN0vd/7dHnbsMcogNH0Tg4SuA3j9:Io7+lRjrQeTBN0FdHnbsxBv
Threatray 1'410 similar samples on MalwareBazaar
TLSH 7E14D3563E10F831E4668CBD6A28237F54B7FC70045E544FC2233A29AEF4395A919F8B
Reporter GovCERT_CH
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
204
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
QUOTE_USD67,000-INV.exe
Verdict:
No threats detected
Analysis date:
2021-05-18 07:21:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f23e1da7-7566-4913-9e43-7884a718ffdf

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/157985/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.13863.31739.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/783869
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
Potential malicious icon found
Potentially malicious time measurement code found
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c943a100bc29344a690516900fd3fc830c0af1646499ade9e082e76cdf45901f/
Threat name:
Win32.Trojan.Mucc
Create hunting rule
Status:
Malicious
First seen:
2021-05-18 05:31:09 UTC
AV detection:
11 of 47 (23.40%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zfb2caf4fe2eu2ifc2ia7u74qmgav4lemsm232paqltwzx2fsapq._file
Verdict:
suspicious
Similar samples:
12e42bff4fa377032623342ac1f23a5c87225a40ef8b900cbb06ae4bd203864d
GuLoader
22b13820a6139c7682d5e1108aefde2200dc593e14fe7fca28eb27d5e616bef7
GuLoader
34a666042ff3ad45f4e1e37776cc55d4f4fdd1bcd8233852839d55fc076410d1
GuLoader
39874f3eb3d660ef8af1c02af08ddfa4d3dc14aedf2c216e3e1f8639813bf2e1
GuLoader
414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65
GuLoader
6147decc439b9d258f5b19f77dfa47ea441e681c49e0b699533eea18104f4092
GuLoader
6d0c8b1c8079ad4db2e523bdde3d9fed95003c5aa19073bceddb7b3375bfc6d2
GuLoader
c3ca97abe1f0584928691bf13d02b25a4e20288a2477e466d67000c0bbe04df3
GuLoader
c63a3f86be406a11e8f7760403e407a97441753205f8cef432fd634856ca2992
GuLoader
f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b
GuLoader
+ 1'400 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210518-s8zmpqrpex/
Behaviour
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe c943a100bc29344a690516900fd3fc830c0af1646499ade9e082e76cdf45901f

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/157985/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-18 05:59:40 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [C0019] Data Micro-objective::Check String