MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebd0a0e856f921625c52706425c843d964fd8c63641b8c432e1f8a4d2ade9261. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ebd0a0e856f921625c52706425c843d964fd8c63641b8c432e1f8a4d2ade9261
SHA3-384 hash: c10bfa3f3baa7666681d3d85e13cac6d3ae605ddab71c8403c43e7a3ab3d69996568f614f08ecd5b9cf8ebf3ce1dd311
SHA1 hash: 7f94a03c62291e85bd80aa541848eb9b58d6a767
MD5 hash: 93ee7591e967880eaa9fed20f3ac7fa7
humanhash: november-july-single-washington
File name:RFQ_2021.07.15.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:1'564'672 bytes
First seen:2021-07-15 02:33:34 UTC
Last seen:2021-07-15 03:40:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 80d8f284f3886382c0f49f87c4c22913 (1 x GuLoader)
ssdeep 6144:g6htG0fullL4Mrs1anOwNSbg5GJ6AZWZIdbfK9f/gurS5R0ZB1cIfFjyjrcI1Q+J:734nGMJtZIF+fC5IUi1XKnZMvMqDm0Y
Threatray 898 similar samples on MalwareBazaar
TLSH T1B975CA0276CBF56AE4AA94B8377DE61F38043C7226111907BEC07FA6B4750DB36A4D1B
Reporter Anonymous
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
196
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
RFQ_2021.07.15.exe
Verdict:
No threats detected
Analysis date:
2021-07-15 02:26:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cc670b7c-bbb6-4c08-8a92-d78541ad87a0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/171846/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.19833.27685.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/d84caf3d-04da-4256-9cae-c06bb3f4699d
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/816635
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Potential malicious icon found
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ebd0a0e856f921625c52706425c843d964fd8c63641b8c432e1f8a4d2ade9261/
Threat name:
Win32.Worm.Wbvb
Create hunting rule
Status:
Malicious
First seen:
2021-07-15 02:23:18 UTC
AV detection:
2 of 46 (4.35%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5pikb2cw7eqwexcsobsclscd3fsp3dddmqnyyqzod6fe2kw6sjqq._file
Verdict:
unknown
Similar samples:
148588102731dd9742cd698c882b48c4b49cbfdd868647a83a15a0cbb1f0c8ca
GuLoader
1fc65a967ab063e5d58e0358b81f9eca048b47013f1e2b1383d8f028b114cffd
GuLoader
5cc027a4132a6238c1c280b1000aef347ba72337e743b086a0bc69d7b5b76e3c
GuLoader
6876aa707adeeffbe08d86d26c6cf48b8d77d46c96f8ace28a523b0a846db38f
GuLoader
7b1f41c2637cb64002e085187d4c5fdecea9153e28207ebab8984473771919f9
GuLoader
9435308eb1024c0e11753dc2412b9243af69d7388817e3aebc59a4a58f2ec372
GuLoader
99b13841abbf0c2bf736ab08e0e7f48cd28cab2e69eff60399de65e0eced2e68
GuLoader
a4d801e88635f298ec71796cafeaf6880547b35be5b8ee18aea59ed85e63ece6
GuLoader
d64217395d8a43cd86ae4f154bcfcb62755241a26e4bfbdd06f049fbbfa38fca
GuLoader
e88388bec3164944678627db062b753e76b6f7f710a9fabc43dfe69e7df2f366
GuLoader
+ 888 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210715-jechwzy13n/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
ebd0a0e856f921625c52706425c843d964fd8c63641b8c432e1f8a4d2ade9261
MD5 hash:
93ee7591e967880eaa9fed20f3ac7fa7
SHA1 hash:
7f94a03c62291e85bd80aa541848eb9b58d6a767
Link:
https://www.unpac.me/results/d3d44933-a25b-4f11-b16c-de995d46f205/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ebd0a0e856f921625c52706425c843d964fd8c63641b8c432e1f8a4d2ade9261

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/171846/

Comments