MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6857aa5fd52de7b5f61da1d7556c2aa04ca9040fbd399ab797b927fc06aef12. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	d6857aa5fd52de7b5f61da1d7556c2aa04ca9040fbd399ab797b927fc06aef12
SHA3-384 hash:	1ed5c1c7170a6c86e4fc08dd05d685c272036d502eb89ddea1db9a53b41a007fca5967ee6020e6a8ba9c9a49ac133c40
SHA1 hash:	6c6135bc7737bd680f74311edea4cf3a3058b824
MD5 hash:	e06c8f5682360fb49c5c4b6b090037c6
humanhash:	massachusetts-potato-alpha-red
File name:	COSUTEC S.C.A. Pedido urgente Nº 5202135876.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	111'656 bytes
First seen:	2021-08-23 11:14:39 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	75bc8475f06791375ef37dcd653cffe7 (1 x GuLoader)
ssdeep	3072:nFHWPoFS8qLpv78sJcY7ly/++7wSnTw8zCjKYLK:nZWPoFfqLx7Feog/++7wSnTw8zCPLK
Threatray	5'367 similar samples on MalwareBazaar
TLSH	T1A1B39FD577C3DC6ADB4AC6B01BD1867810F1587015B117EFA1DBEE0C0663AE0AA6DF28
dhash icon	9386c6f232a6d2ac (2 x GuLoader)
Reporter	lowmal3
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

177

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

COSUTEC S.C.A. Pedido urgente N� 5202135876.exe

Verdict:

No threats detected

Analysis date:

2021-08-16 11:14:09 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/adbb203b-bc96-48fe-90a0-2b7b2ee9d090

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.46808967.8813.15434.UNOFFICIAL

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Creating a process from a recently created file

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

GuLoader

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b7fba95a-aeff-4fe7-9b99-6d50e5a64bc9

Result

Threat name:

GuLoader Lokibot

Detection:

malicious

Classification:

troj.evad.spyw

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/833698

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

GuLoader behavior detected

Hides threads from debuggers

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to steal Mail credentials (via file access)

Yara detected GuLoader

Yara detected Lokibot

Behaviour

Behavior Graph:

Download SVG

Detection:

guloader

Link:

https://mwdb.cert.pl/sample/d6857aa5fd52de7b5f61da1d7556c2aa04ca9040fbd399ab797b927fc06aef12/

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2021-08-16 16:59:45 UTC

AV detection:

20 of 28 (71.43%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=22cxvjp5klphwx3b3ioxkvwcvicmveca7pjztk3zpojh7qdk54ja._file

Verdict:

unknown

GuLoader

2c2b9e423c5ae9ef99565d76a6d7d4b6d5e394f523539b447a633c803e9372a3

GuLoader

5e3c17b9a8fb04fc0de847833073fba6b1f5b4c302c003cfb888f93e4bd54adf

GuLoader

60fe4a1f0ed577bfa8d10195a3d1123b0a7ab551d3579686ee6ac6bc18282fe5

GuLoader

73b83d70f24909aea7920a86029b43198979d7e31ab768619371e12fc7399f93

GuLoader

8179d2c371934e7f748fdf033d96a3b527158348e87ec21f1576136ede5d2d17

GuLoader

96beaff70c51e04f38db0943eddd24ecc142ef2815d536b82655e25fbf5a54db

GuLoader

dd1c6d47aacdb7b4eb9d0d77d669ed9e73bf8b59a03963b5b8681df64bfb2736

GuLoader

faf4898dc104ee27f1d2adafa647094f57d9b282d6b3e7654c78e3d55eada723

GuLoader

+ 5'357 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210823-pwtx3fyjqe/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

d6857aa5fd52de7b5f61da1d7556c2aa04ca9040fbd399ab797b927fc06aef12

MD5 hash:

e06c8f5682360fb49c5c4b6b090037c6

SHA1 hash:

6c6135bc7737bd680f74311edea4cf3a3058b824

Link:

https://www.unpac.me/results/d691c3af-2dae-4f86-aac3-a6adba05f715/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/d6857aa5fd52de7b5f61da1d7556c2aa04ca9040fbd399ab797b927fc06aef12

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

exe d6857aa5fd52de7b5f61da1d7556c2aa04ca9040fbd399ab797b927fc06aef12

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample