MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5885f71c6fb1a072681d448a1baf5c8206887e79cb7900e0eb4246efa27011f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e5885f71c6fb1a072681d448a1baf5c8206887e79cb7900e0eb4246efa27011f
SHA3-384 hash: ae97350ddd788dfa7f96fe0a11a459b35f76faaaf8a1d8d6cd47cf09cf1047c9895f7c230fdd0e88a45d6a82cf451e7b
SHA1 hash: 114f45a9a546e3001fb42eeb03c1375b0a296789
MD5 hash: 672d03ea2a5d52eaaac669ed0295d321
humanhash: india-butter-nitrogen-diet
File name:NEW EXPORT COPY DOCUMENT_IMG_JPEG_EXW_32765100214532116_JUNE 2021.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:270'336 bytes
First seen:2021-06-14 22:30:27 UTC
Last seen:2021-06-14 23:40:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash adaafa2c180eccb7addf1201d12c8322 (4 x GuLoader)
ssdeep 3072:a9JmDjJ7Mb+bnPdCJJ8G3j5AZP59+aNHH8JkZLEji7/XfhI52o4:GJm1CJJRj5AP/+aN8mLIO/6
Threatray 59 similar samples on MalwareBazaar
TLSH 0C44B843B2477626D1A89C7026ABD12A77FB2D77F21048033AC1BF2767349A77DB0916
Reporter Anonymous
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
246
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
NEW EXPORT COPY DOCUMENT_IMG_JPEG_EXW_32765100214532116_JUNE 2021.exe
Verdict:
No threats detected
Analysis date:
2021-06-14 22:33:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7796f139-6660-48e6-9584-a682ff5242c7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.23149.26191.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/da2e057b-fc09-4669-937d-35913505f434
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/802050
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Executable has a suspicious name (potential lure to open the executable)
Found potential dummy code loops (likely to delay analysis)
Initial sample is a PE file and has a suspicious name
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e5885f71c6fb1a072681d448a1baf5c8206887e79cb7900e0eb4246efa27011f/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2021-06-14 03:55:00 UTC
AV detection:
3 of 46 (6.52%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
02067a8419dc011a977a7f84edb67c3b9e8925248f132d2ee863c5576a29a0b9
GuLoader
0cf5cda3657648c661cd0cb58e06e6ccb488d66e27cda1102121eb2572053bdd
GuLoader
0f9f76e8ffa64b600745b99b8f7b51cfa151299424e6523995c6c0bcd7a5cd6b
GuLoader
1e7f88a0e73d63b2f6bbbb4c009b1eec11999ce62da1d3122473cabd502134c2
GuLoader
8926bb6b6590a5a180cc10a7cedfb5df1e5d12013aeb23224bf917013ccb25a2
GuLoader
bb2faadcbc0d7c66a84bb763e34cc811194f21a2222541a62fd1c0d9d3ce6c42
GuLoader
d7162b14867eff2ee6b1c0506f91c4e8c1a1cea0ddae632bd49156a179549772
GuLoader
e16c2f6e8bad564692abd575007f18e17013e423d7cfe8882872d021ef3439f2
GuLoader
e1ef53521aed004fe790b232883a12cb5f241ead4c81718b08ac0150323563d4
GuLoader
f3a520aa6296de59468c3a38d45660091097c056b7249a66d3443f3bd4ecf997
GuLoader
+ 49 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210614-edjt72f11x/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://onedrive.live.com/download?cid=BAC03012EC7BD279&resid=BAC03012EC7BD279%21112&authkey=AA4jGf_o12jxHp8
Unpacked files
SH256 hash:
e5885f71c6fb1a072681d448a1baf5c8206887e79cb7900e0eb4246efa27011f
MD5 hash:
672d03ea2a5d52eaaac669ed0295d321
SHA1 hash:
114f45a9a546e3001fb42eeb03c1375b0a296789
Link:
https://www.unpac.me/results/1d75286e-23f8-4283-898b-700c0cdc6cf5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e5885f71c6fb1a072681d448a1baf5c8206887e79cb7900e0eb4246efa27011f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link

Comments