MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc8e7690934b9059a1613d246a6c933df5dd7b1e333038dc76f7839dcc5697cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc8e7690934b9059a1613d246a6c933df5dd7b1e333038dc76f7839dcc5697cd
SHA3-384 hash: 2225595400743a6beb29a949d28aef93d517f1e18c8bddd00541ab2b8b4d087435dd65fba30e933d42d2e0222a67676d
SHA1 hash: 7cc53628714dd9d69881be1d186adf7b3e7af9cd
MD5 hash: a08f23a15ef10b17370668cf5b9947ad
humanhash: quebec-kilo-oxygen-hotel
File name:Weemaes B.V.-PO74748392.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:148'824 bytes
First seen:2021-08-03 07:41:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3f04be9c844308940905412ae6398e70 (1 x GuLoader)
ssdeep 3072:7YIocqttkj0ufJOWJDZZWUVEZj9GQMUqxfKQX+Zz5U:8IlqtIA83WUVEZj9GQMUqxfKQuZz5U
Threatray 702 similar samples on MalwareBazaar
TLSH T17DE3F4DE7A74A42AF1033A3D4430DC94059C6CEC0A4DAA073D96F79AFBB5E412935D3A
dhash icon f0b2d47171d4b2f0 (1 x GuLoader)
Reporter Anonymous
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
235
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Weemaes B.V.-PO74748392.exe
Verdict:
Suspicious activity
Analysis date:
2021-08-03 05:13:01 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/06126ec1-3a6e-48a5-8d04-152cf27cfbf4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/175959/
Detection(s):
SecuriteInfo.com.__vbaHresultCheck.18314.23149.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/09dced48-7eb9-4471-a972-a961de0a7520
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/825946
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
GuLoader behavior detected
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Potentially malicious time measurement code found
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cc8e7690934b9059a1613d246a6c933df5dd7b1e333038dc76f7839dcc5697cd/
Threat name:
Win32.Trojan.Mucc
Create hunting rule
Status:
Malicious
First seen:
2021-08-03 07:42:05 UTC
AV detection:
10 of 46 (21.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zshhneetjoiftilbhusgu3ethx2526y6gmydrxdw66bz3tcws7gq._file
Verdict:
suspicious
Similar samples:
0523c9c53027d822021a5b2bad5d216461c060396944da4bf8cd6cc1963deebb
GuLoader
81be23ce8636c948e1ac5c966ee5c34f738f8dc20aa85acedbca48f92e1ff363
GuLoader
9c20d2a4e22acfdf30c9b3cc30e5d5988454ac2eabaedfd4cbbc3b9bb5abdf27
GuLoader
9fe616b7f813e2de5c4ebf53b624e0f1577014aae677f9f73dc99d8c1b19d140
GuLoader
a6ab3a1ec39d3a4c0660bbfdbe8cbbdd89d9278cca176d7bff77d7aab00dd7ed
GuLoader
b9a9ec05af5b7ca80af675e1c9a6d1582775d1949d35b475111a8a8b32ac4a2a
GuLoader
cecab4db1eb666098828a5161c7a2c894b24f42fe7261b8231e766e1ce9a0794
GuLoader
f7c8f897e59132dc4f1a8f57bb3ce13b9e72ab08fb9cc61c038f9ef618444c15
GuLoader
fc55920200c36ee47942792a3be6e7f8b00e46fd83ae7bcd826fd32e547836ef
GuLoader
+ 692 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210803-xlqfkxaydn/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
cc8e7690934b9059a1613d246a6c933df5dd7b1e333038dc76f7839dcc5697cd
MD5 hash:
a08f23a15ef10b17370668cf5b9947ad
SHA1 hash:
7cc53628714dd9d69881be1d186adf7b3e7af9cd
Link:
https://www.unpac.me/results/cb267ac2-b1a5-406a-97ba-34bf37d82eb9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cc8e7690934b9059a1613d246a6c933df5dd7b1e333038dc76f7839dcc5697cd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/175959/

Comments