MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dcac13ea9cabdb1cf79c2afaf817ad2eabfba2de2db22cd730b9883d02c9c9d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dcac13ea9cabdb1cf79c2afaf817ad2eabfba2de2db22cd730b9883d02c9c9d0
SHA3-384 hash: d1c7626052cae5fd1b200a3ada5e608f910e7f4ad3eb933900a38be6de2c0d7738035e6423609971c2ab1c2d5132ef4c
SHA1 hash: bf2efa36480ea94ef6591815f743282a0921707b
MD5 hash: bee146c61834ee17bff59721c6f53f54
humanhash: lima-sweet-fix-video
File name:PRUEBA DE PAGO.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2021-09-17 18:31:56 UTC
Last seen:2021-09-17 20:19:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 192568bbd6059cbff7dcd564f9b7c64d (6 x GuLoader)
ssdeep 1536:UL3yv66RExI+W2j1vrgU6IklM56sKYt2UMteTxLnKugGR:kifRktdsekoVEUw6F3g
Threatray 5'895 similar samples on MalwareBazaar
TLSH T150A327A36591D062D2CC45F1D8E685F13016ACC9D6C82E0FFC7ABD69F879F0268D139A
dhash icon ceb2b2b2b28ffcd4 (6 x GuLoader)
Reporter abuse_ch
Tags:ESP exe geo GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
197
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PRUEBA DE PAGO.exe
Verdict:
No threats detected
Analysis date:
2021-09-17 18:35:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0e401e5e-514f-44c6-8f22-3649d973d003

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/188781/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.23385.19033.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/61752e8ba9d585e6d5371329/reports/5bfda837-28b5-4f75-b6d4-e742d75ae265/overview
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/58dd41cb-3185-4ae6-855c-e9daad084480
Result
Threat name:
GuLoader AgentTesla
Create hunting rule
Detection:
malicious
Classification:
evad.spre.troj.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/852934
Signature
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: RegAsm connects to smtp port
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dcac13ea9cabdb1cf79c2afaf817ad2eabfba2de2db22cd730b9883d02c9c9d0/
Threat name:
Win32.Worm.Wbvb
Create hunting rule
Status:
Malicious
First seen:
2021-09-17 18:32:13 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3swbh2u4vpnrz544fl5pqf5nf2v7xiw6fwzczvzqxged2awjzhia._file
Verdict:
suspicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
4e71438e192d70fd27b4eb7c9da6ffc559619681e58c2039f095df8cf6d8475c
GuLoader
617738e1dd2b1ca260fe4cd650b249406c2b26adf903f38e8bf7b6b6cae031e2
GuLoader
6cbaf335b0737ddf3f782688324856ef573d1978897299461f7a43c8efeaa008
GuLoader
a6770c3060c17eea5b16f45535cf9bd85b0c00ea22123da28137c5ba83311a0b
GuLoader
da71644ee66cad527be192aefdfb9e5c70f0977d111d95e3591c8221aca1ccfc
GuLoader
fc4e44c0b91ce5f076bab43f739c4100de70423b9e867d2f34ff265e37596bd9
GuLoader
+ 5'885 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210917-w6l5lsgbe2/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
dcac13ea9cabdb1cf79c2afaf817ad2eabfba2de2db22cd730b9883d02c9c9d0
MD5 hash:
bee146c61834ee17bff59721c6f53f54
SHA1 hash:
bf2efa36480ea94ef6591815f743282a0921707b
Link:
https://www.unpac.me/results/8c006b49-cc18-45a9-93d5-1a3d669a932b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/dcac13ea9cabdb1cf79c2afaf817ad2eabfba2de2db22cd730b9883d02c9c9d0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe dcac13ea9cabdb1cf79c2afaf817ad2eabfba2de2db22cd730b9883d02c9c9d0

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/188781/

Comments