MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf62a78fa8483a391861a1eb56322cc8fd9ccecca90629398ec54ed62af6114c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	cf62a78fa8483a391861a1eb56322cc8fd9ccecca90629398ec54ed62af6114c
SHA3-384 hash:	6d11d3d5564a95f5ffc441d057bff99a21ea4f32bd76ba8184d9c6e4c0e59aa59eb2bf76c9aae4745b30fa9d1f43b87a
SHA1 hash:	9f6f3fed450b5887110424d81279ab138bbf6519
MD5 hash:	6572076bc21603b0612703e4dd2e1f67
humanhash:	iowa-princess-tennis-gee
File name:	6572076bc21603b0612703e4dd2e1f67
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	147'456 bytes
First seen:	2021-06-15 06:51:38 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	2c08d8f9644132654eb702b279083d5c (6 x GuLoader)
ssdeep	1536:w+mqfTK8fKzFDwZbo+Ag+8ItLItgkBGsXy0exhDoQa8N:ZlfABDi+8Itegk7y0yV3N
Threatray	5'130 similar samples on MalwareBazaar
TLSH	B4E38332F7836500F9668070FC159AFEB9546F316C439D0BA6F2BB0D6175ED3B6A0A12
Reporter	zbetcheckin
Tags:	32 exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

250

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

6572076bc21603b0612703e4dd2e1f67

Verdict:

No threats detected

Analysis date:

2021-06-15 06:52:57 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/83c632d1-e4d1-4844-96e1-9d90311cee24

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Guloader

Link:

https://www.capesandbox.com/analysis/166397/

Detection(s):

SecuriteInfo.com.Variant.Graftor.963667.18225.3804.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

GuLoader

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/df957910-5f2f-45f4-847a-ea82cab3f2f6

Result

Threat name:

Unknown

Detection:

malicious

Classification:

rans.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/802174

Signature

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found potential dummy code loops (likely to delay analysis)

Multi AV Scanner detection for submitted file

Potential malicious icon found

Tries to detect virtualization through RDTSC time measurements

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cf62a78fa8483a391861a1eb56322cc8fd9ccecca90629398ec54ed62af6114c/

Threat name:

Win32.Trojan.Graftor

Status:

Malicious

First seen:

2021-06-15 06:52:12 UTC

AV detection:

10 of 46 (21.74%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=z5rkpd5ija5dsgdbuhvvmmrmzd6zztwmvedcsomoyvhnmkxwcfga._file

Verdict:

unknown

GuLoader

1c958bc2a268ce3f104a35882f694f8bead71015937bfb99b0986400ab29d703

GuLoader

60fe4a1f0ed577bfa8d10195a3d1123b0a7ab551d3579686ee6ac6bc18282fe5

GuLoader

686b8fac1748af72f6e0a35af456c7f473de446ba5df5430411c9ffd4c8943a0

GuLoader

6da9387b15b610559fccc33c85fc328e56089b7356952782d0cdf49a9898404c

GuLoader

7c38d073b77ff7afc8f65aac812316d0fa9356115f1f3e78aca9fd496d177cad

GuLoader

80a6e67c230f2f2bad5815d0ead68bb209575960b623ae7fc9952981132656d1

GuLoader

a2a95abdc357f8ebb4ad5ac4017cca21882d67431e7afc49dd268182c8214506

GuLoader

ab4d24e50b96e4358963a8232d7244c0aaf208cfec8c8d5022871547ed795fc9

GuLoader

c9d7f98f32268cf0a37e645d801608ba1135ff089f48854ccfc385aefebfce25

GuLoader

+ 5'120 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210615-949x8emd32/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Malware Config

C2 Extraction:

http://farmersschool.ge/bin_xGnJuyZRf54.bin
https://bara-seck.com/bin_xGnJuyZRf54.bin

Unpacked files

SH256 hash:

cf62a78fa8483a391861a1eb56322cc8fd9ccecca90629398ec54ed62af6114c

MD5 hash:

6572076bc21603b0612703e4dd2e1f67

SHA1 hash:

9f6f3fed450b5887110424d81279ab138bbf6519

Link:

https://www.unpac.me/results/24d6ed35-0809-46e4-be6e-98e533003e5b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/cf62a78fa8483a391861a1eb56322cc8fd9ccecca90629398ec54ed62af6114c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

exe cf62a78fa8483a391861a1eb56322cc8fd9ccecca90629398ec54ed62af6114c

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/1367787/

Cape

https://www.capesandbox.com/analysis/166397/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample