MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e13745c95f7bcf403f519efbdf2ab8988f5237c20f9054d994e1e3d8ecf12784. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e13745c95f7bcf403f519efbdf2ab8988f5237c20f9054d994e1e3d8ecf12784
SHA3-384 hash: b2f8a25b25b21ed742b55b1e49a933fb3518144c4004519cb797e55e1fb950696184cd8280ca95dff0e420d7a3446104
SHA1 hash: ba8b1adeecb7e60fa50a2a552360baf5502d7709
MD5 hash: 7544eded10b2ea827001c19e29fab1c2
humanhash: washington-thirteen-edward-virginia
File name:HSBC Customer Information.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:106'496 bytes
First seen:2021-09-02 15:30:14 UTC
Last seen:2021-09-05 08:37:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c3787aec3a6cf97d3f0da30ff071277f (1 x GuLoader)
ssdeep 768:db2yCdr99ThHVVdN9Le4eSeb2HjDK9JUJgRGJZPbDIgP32VGoG0JJkzlyVZK1okn:dbBUhDVHPH6Rwt1e3Sl31oKw3TUD3
Threatray 4'858 similar samples on MalwareBazaar
TLSH T123A37D10ADD03AD7E356CA353C3E92546E38DC17E6168EA33154361A4CF6AF1293E52F
Reporter malwarelabnet
Tags:exe GuLoader guloader agenttesla

Intelligence

File Origin
# of uploads :
3
# of downloads :
163
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/184838/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Creating a process with a hidden window
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d7724edf-a22c-42e8-af6b-b6be932cca6f
Result
Threat name:
GuLoader AgentTesla
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/844157
Signature
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Potential malicious icon found
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/e13745c95f7bcf403f519efbdf2ab8988f5237c20f9054d994e1e3d8ecf12784/
Threat name:
Win32.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2021-09-01 20:59:36 UTC
AV detection:
14 of 27 (51.85%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4e3ulsk7pphuap2rt3556kvytchven6cb6ifjwmu4hr5r3hre6ca._file
Verdict:
unknown
Similar samples:
07a7e8b55aae7e593602a7dc0e67dbf0debb3ccd4c4d769d7fab0e34a675b4e7
GuLoader
3cbf0aeafec688023948cad7bf7475270ba9cb1acb0078cf1a9d6288f2751a20
GuLoader
41ab72f9ce1e64f569029d8b3f8c2fdf680fb75113b8d7451bc8d988cd5f6bd2
GuLoader
49de4524bd749523e1a8239eb6edecc62605ef2ed40852306795b839dec39270
GuLoader
522735989689a96d0e10e926aae941e58a695062254573c5796bb129e4c7703e
GuLoader
548aefb935e11a84133bd8b3d367d988b9ad2e3bde7f4c0fffcf6a94b529be72
GuLoader
7416875c44dab7adebe7e6809228adabe17c38abae4bf9c6d49c72fd967621e4
GuLoader
c6e5156c311412210237810450648947699d1c4862536a4e86b778e899627292
GuLoader
da71644ee66cad527be192aefdfb9e5c70f0977d111d95e3591c8221aca1ccfc
GuLoader
+ 4'848 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla family:guloader downloader keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210902-sx2l6aafa7/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent file
AgentTesla Payload
AgentTesla
Guloader,Cloudeye
Unpacked files
SH256 hash:
e13745c95f7bcf403f519efbdf2ab8988f5237c20f9054d994e1e3d8ecf12784
MD5 hash:
7544eded10b2ea827001c19e29fab1c2
SHA1 hash:
ba8b1adeecb7e60fa50a2a552360baf5502d7709
Link:
https://www.unpac.me/results/740486ca-f563-4abd-8f30-c8beef69050b/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/e13745c95f7b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e13745c95f7bcf403f519efbdf2ab8988f5237c20f9054d994e1e3d8ecf12784

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/184838/

Comments