MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dae2e3aa32abc07c6a74931419cb6a70ada6b1c7c3e7bd4959468c67b8ac25c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dae2e3aa32abc07c6a74931419cb6a70ada6b1c7c3e7bd4959468c67b8ac25c4
SHA3-384 hash: b0f42c121008fbe561e520c43604f70831159706fb0388584f414c691944287e2cc5f1e77308a13c373a425600494d44
SHA1 hash: a5b97e967470046440650a644e83ef33acb52285
MD5 hash: c586c158732d51fa4b3d5e6f440e0f58
humanhash: glucose-fruit-pasta-alabama
File name:c586c158732d51fa4b3d5e6f440e0f58.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:69'632 bytes
First seen:2020-12-10 11:12:40 UTC
Last seen:2020-12-10 12:32:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 03cbb8bb25ff0a3d63b28f348ad34535 (1 x GuLoader, 1 x NetWire)
ssdeep 768:1x6DMXyJ09qXO+aHRDXQgklgvLSgRTdFlrrrqlvF/uT7wRChHbhZHvF8El:DoYdZQ0vb9dFdrcuTCChvD
Threatray 4'262 similar samples on MalwareBazaar
TLSH 3C632815B90E8F63D3F10FF59B2191B497772C30A7228E2A35B32FDA153E7509A9216C
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://45.15.143.142/nn.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
348
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
13bb355c25fdbf5f65580bd7a23cf9ee.xls
Verdict:
Malicious activity
Analysis date:
2020-12-10 07:42:23 UTC
Tags:
macros macros-on-open loader
Link:
https://app.any.run/tasks/dd76a4bc-ed22-4a4f-9894-58982d514dba

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.ArtemisC586C158732D.2906.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Creating a process with a hidden window
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dae2e3aa32abc07c6a74931419cb6a70ada6b1c7c3e7bd4959468c67b8ac25c4/
Threat name:
Win32.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-12-10 11:13:08 UTC
AV detection:
10 of 28 (35.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3lrohkrsvpahy2tusmkbts3kocw2nmohypt32skzi2ggpofmexca._file
Verdict:
unknown
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
GuLoader
12e01498b7e13b32762590b5b20c5310bf388ea837dc52323dc9bc90de1166f6
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
50a4a0067a0756996b12da1316f2574a16316d050b675114c8ae60c35e99cf5b
GuLoader
5df5978473c4b77bcb6a3ec9d13f4c0e10b03a1aa82118235a6cf748f2c7809d
GuLoader
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
GuLoader
c4b5846ab10b6ac87f6f176bcb8a3f76a720628fd8b1aa9d7c1f603192f67bd0
GuLoader
ed33a55395aa0b7061266a9c61b87fdecfb3fd0605ac1ca342751f9deaf25930
GuLoader
f17d48c8d179de191e519fa908648b977c09f91803b898d8e4fada52e423a8df
GuLoader
fd70366a0abed417301e2a312927e5697e8ded01a50c830b408978fb61ff9241
GuLoader
+ 4'252 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence spyware
Link:
https://tria.ge/reports/201210-blktv8rlps/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
dae2e3aa32abc07c6a74931419cb6a70ada6b1c7c3e7bd4959468c67b8ac25c4
MD5 hash:
c586c158732d51fa4b3d5e6f440e0f58
SHA1 hash:
a5b97e967470046440650a644e83ef33acb52285
Link:
https://www.unpac.me/results/f4f50edd-2a55-459e-9c04-ba708fa9b447/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dae2e3aa32abc07c6a74931419cb6a70ada6b1c7c3e7bd4959468c67b8ac25c4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe dae2e3aa32abc07c6a74931419cb6a70ada6b1c7c3e7bd4959468c67b8ac25c4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/904378/
  
URLhaus
https://urlhaus.abuse.ch/url/906398/
  
Delivery method
Distributed via web download

Comments