MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1e293cbd9c3deeabfdea61324e45217067414499d34ab8c6add548bb8c926ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	e1e293cbd9c3deeabfdea61324e45217067414499d34ab8c6add548bb8c926ec
SHA3-384 hash:	e0ec8557b20c06a1d45030d834db72ae8e683298f402e8d8b89171a3a5428b068eb1c33efe5e853a1b49bb00d4c6722c
SHA1 hash:	c7b819f97655dacfe5693df3c40f09c5afedf74f
MD5 hash:	7fb3aaf58328ae011bebff3f12a13fea
humanhash:	lake-fruit-october-stairway
File name:	RFQ-PO874849404.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	233'472 bytes
First seen:	2021-07-14 02:24:54 UTC
Last seen:	2021-07-14 05:52:32 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	91c52bc398fe162761407fc34944ce70 (1 x GuLoader)
ssdeep	1536:g7x0PQWcBJgtp4OqCn5VqYJHD9u583kAEJhyCuv0q614eep5CrBG9YrtEc727APe:AJvBml54cHDfEuv0q62eepkdGl8Gl/
Threatray	5'151 similar samples on MalwareBazaar
TLSH	T14D344132DBD0DB19C5483DBD7831986761016811F21AAA9F5390FEB936E16A37DEE303
Reporter	Anonymous
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

3

# of downloads :

167

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

RFQ-PO874849404.exe

Verdict:

No threats detected

Analysis date:

2021-07-14 02:09:31 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/741a500b-f80e-4e18-abe0-434661a08cf1

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/171534/

Detection(s):

SecuriteInfo.com.Variant.Razy.892600.27435.28679.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/c7a29022-f2ab-4415-96e6-b9a26c054a39

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/815967

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found malware configuration

Found potential dummy code loops (likely to delay analysis)

Multi AV Scanner detection for submitted file

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Behaviour

Behavior Graph:

Detection:

guloader

Link:

https://mwdb.cert.pl/sample/e1e293cbd9c3deeabfdea61324e45217067414499d34ab8c6add548bb8c926ec/

Threat name:

Win32.Trojan.Razy

Status:

Malicious

First seen:

2021-07-13 17:34:00 UTC

AV detection:

14 of 29 (48.28%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4hrjhs6zyppovp66uyjsjzcsc4dhifcjtu2kxddk3vkixogje3wa._file

Verdict:

unknown

Similar samples:

51ab426459849264d137a4ff13c7846e4e6a1024981d749de08ff634104784e3

6a3131b719f6687d8d51316dc8fd7ec2eb5bda66eca9220f66d0c1b0853d470c

82cb0039a905337de09b58384a3fb700e278d2ce0372f348a65068ad80d8754d

8c6cae9078b175b331c1d6154045deea386850a75e4e2a250fe4f4d920cf1a4a

9b440cf6d2e182fc01815a943cf8aee5738329211a8231738e811247e9b897df

aadd8812bdbbe483d3635c581c7671d3b73a69cad0ea6f90dbd5617bbb298f14

b89879aceeecfb9524dd5e08dde9afb89d7d39d5a4fc1c1cd4736693bf4cc39d

ca494728c8c51660ea593cb3db29dad5489c391eb7fc113304ddba46a78c040c

e6d45c8f7164f652dd925f695a8d001b5e991796c65b65c89fe3c61514c619ee

f2b2f10c3c65d8f81641b20ebbf91ca7da5ba685282b24677a4c5561758f7226

+ 5'141 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210714-aes55zhx56/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

e1e293cbd9c3deeabfdea61324e45217067414499d34ab8c6add548bb8c926ec

MD5 hash:

7fb3aaf58328ae011bebff3f12a13fea

SHA1 hash:

c7b819f97655dacfe5693df3c40f09c5afedf74f

Link:

https://www.unpac.me/results/5ad6624e-6808-4234-bf4a-dc273068ece8/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/e1e293cbd9c3deeabfdea61324e45217067414499d34ab8c6add548bb8c926ec

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/171534/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample