MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6aef13368e192ef56a7909da02b2dc37144fe583c965140bac9d01bd450f53b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e6aef13368e192ef56a7909da02b2dc37144fe583c965140bac9d01bd450f53b
SHA3-384 hash: f10d5c8ac08b3365c4c29dd7c4dcca03c1cc91cdda97acd6255f79c8a72735bb994cd808eb0792c936f8c9377f104b95
SHA1 hash: 23e2a42faf48bab204e07fcc180ff209f8c00f2e
MD5 hash: 04e7c4f685a95f7529b3f0bedfd576bb
humanhash: low-network-cola-west
File name:04e7c4f6_by_Libranalysis
Download: download sample
Signature GuLoader
Create hunting rule
File size:253'952 bytes
First seen:2021-05-24 12:02:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 55a503a3bd20df6ca8e85e03331a4fd1 (3 x GuLoader)
ssdeep 1536:GsEdqiWjX4pVX8DuiY3I+iNH3YwheS4dEzKxyxLilqgfkch:G7d2YVEuF8NxheSX2x2OhfNh
Threatray 1'438 similar samples on MalwareBazaar
TLSH 2444C6B39E64D9CDED9AC83C453F8B229E54F8F1783A0637E1579B48F520E92910731A
Reporter Libranalysis
Tags:GuLoader


Avatar
Libranalysis
Uploaded as part of the sample sharing project

Intelligence

File Origin
# of uploads :
1
# of downloads :
189
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
JIBBOOMS.exe
Verdict:
No threats detected
Analysis date:
2021-05-24 11:54:53 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6252907f-9e48-435c-a87f-4b01a4089858

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/161428/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/790316
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e6aef13368e192ef56a7909da02b2dc37144fe583c965140bac9d01bd450f53b/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-05-24 10:55:18 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=42xpcm3i4gjo6vvhsco2akznynyuj7syhslfcqf2zhibxvcq6u5q._file
Verdict:
suspicious
Similar samples:
03735650255866b1c2592bcb4567cbcb2b9d23eea5430d2e7d7c6315abadb5ad
GuLoader
0c856e57da034a8943b4065297d075365090d9eb925abb7ba74dd3df9acefc1f
GuLoader
27084ca2efd9f211569b913d31d8caee75cb773e73367c3f6cd40a78889a1934
GuLoader
31de85bffebf15b904ab8046680be20058efb7a2a411ec79c694194082a93e3b
GuLoader
3fda3b75f031e3800ff8714a936af691dafd64ae8f08a2d5cc8df19363391c09
GuLoader
6f8582beb15fc9d7978cf5664d99f426efc02d3c95aba21cf47520a16dc5a831
GuLoader
9b8e02c9169932cb809300c4dff5afc240aba4d5a87264f0f7123314345c6248
GuLoader
9f38ade8e53d28eef33a81e0559b92b44fa878ae9b61fadd3bb245d33486e2c0
GuLoader
c51924bcaad1fd98393bd75c23f6ca084bfed8f346085520bf61b550f85a3fa4
GuLoader
eb4570798beea07da40f390f8740e6ea4e735653a70cde0414997e23f87e1de6
GuLoader
+ 1'428 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210524-xd8wsxmmqx/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
http://whitelabelcreations.com/build_QsQUlICXAL45.bin
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e6aef13368e192ef56a7909da02b2dc37144fe583c965140bac9d01bd450f53b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/161428/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-24 13:04:08 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0001.035] Anti-Behavioral Analysis::Process Environment Block BeingDebugged