MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce5c54ac577153e15fb793c022b54fb473752b876525111d6aac97369e72e85e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	ce5c54ac577153e15fb793c022b54fb473752b876525111d6aac97369e72e85e
SHA3-384 hash:	fb725900aa396ae412b68abb4ebea56027a938b25d9bb5293af63ed5cbf2c12a1997d0c780d52e9c9adb14c0ef5e41be
SHA1 hash:	0df37fc08be54473b10eb19b58217174979267cf
MD5 hash:	51f67dbc6ec49398e7ab10a15aab6c85
humanhash:	zebra-sweet-undress-eleven
File name:	shipping documents.xll
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	670'208 bytes
First seen:	2022-02-14 07:13:29 UTC
Last seen:	2022-02-14 09:16:59 UTC
File type:	xll
MIME type:	application/x-dosexec
imphash	be710ba34b048ab0098050ccf62e369c (18 x Formbook, 14 x Dridex, 9 x AgentTesla)
ssdeep	12288:R0Ws7IMtR4yVld8bzbBSreDozgFK/UqWc:R0bdkX1YcL
Threatray	23 similar samples on MalwareBazaar
TLSH	T1AAE46C55BECA6EA1EFBF47BB8361D62D0226735D03A1A6CF760305993951FC2443EA03
Reporter	abuse_ch
Tags:	GuLoader xll

Intelligence

File Origin

# of uploads :

# of downloads :

280

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.MSIL.TrojanDownloader.Agent.KCF.24197.7516.UNOFFICIAL

Result

Verdict:

Malicious

File Type:

Office Add-Ins - Suspicious

Link:

https://app.docguard.net/ce5c54ac577153e15fb793c022b54fb473752b876525111d6aac97369e72e85e/results/dashboard

Gathering data

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ce5c54ac577153e15fb793c022b54fb473752b876525111d6aac97369e72e85e/

Threat name:

ByteCode-MSIL.Trojan.ExcelAddin

Status:

Malicious

First seen:

2022-02-14 04:16:58 UTC

File Type:

PE (Dll)

Extracted files:

AV detection:

19 of 41 (46.34%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zzofjlcxofj6cx5xspacfnkpwrzxkk4hmusrchlkvsltnhts5bpa._file

Verdict:

unknown

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/220214-h2nkzsgca5/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Drops file in Windows directory

Loads dropped DLL

Downloads MZ/PE file

Executes dropped EXE

Guloader,Cloudeye

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ce5c54ac577153e15fb793c022b54fb473752b876525111d6aac97369e72e85e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample