MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec557f074316cadc0b768d98830fce492b5694c8bdf6bd45b5853659cfa9bbfd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ec557f074316cadc0b768d98830fce492b5694c8bdf6bd45b5853659cfa9bbfd
SHA3-384 hash: c8df555a106bcfbdc67b093f3c218f4d9e07cbb4adbfd63bb72fe0021eca2925840b0bf76963c1bfa0e377a6814459eb
SHA1 hash: 745ac8a8dcf8cd156f264b55bb3e70767bfa0909
MD5 hash: 045d96197f2a812ea05b2481ee854ba4
humanhash: mango-india-montana-magazine
File name:BILL OF LADING DOCS.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:61'440 bytes
First seen:2021-08-23 18:09:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 24d521a9ced4e83546d3fe0326ccb9ef (4 x Loki, 1 x GuLoader)
ssdeep 384:ADfURflgqjhc3mTw3e2QZIHvLE6vBWz1ItaH5fCVX05+GrMhqBSI2G5DA6KRmjA3:ADfUvc3uxZkHMyWf4X09rMGPM6KaADA
Threatray 5'421 similar samples on MalwareBazaar
TLSH T19D532893B7E4C759EF0B0A7515AEC27C09E5AD610488BB0BE7413FDA0F724411A9B3B9
Reporter malwarelabnet
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
223
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PACKING LIST DOCS.rar
Verdict:
No threats detected
Analysis date:
2020-11-10 22:46:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0729e6d9-9944-4062-a95c-b2ab1cb5ea9f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
GuLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/181602/
Detection(s):
Win.Packed.Midie-9790829-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1ad18bad-a493-449b-9882-3164071a27ed
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/613310
Signature
Antivirus / Scanner detection for submitted sample
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ec557f074316cadc0b768d98830fce492b5694c8bdf6bd45b5853659cfa9bbfd/
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 03:28:21 UTC
AV detection:
28 of 28 (100.00%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
14eb827b600c3f7ccf2af766d0fec868e6b0467eba9264f19b75427f95ef7cfa
GuLoader
29ae352903f7640f4f6a14941a71cf30c25d52188353385da877ece30acfb4d3
GuLoader
63349f5e1cb7e662593709d14ed76838362d5b81fd3efedf1b7b307f343fe377
GuLoader
720d5c1288e9cf537f8aff3cad69e7b6bbd0950240ccb40c422c4ab94f7a1b16
GuLoader
7c38d073b77ff7afc8f65aac812316d0fa9356115f1f3e78aca9fd496d177cad
GuLoader
7e4bb8db363bbb2fdb438b89700166146671fca493247486d678cbff47bec727
GuLoader
8affd0d74b7fea47b03869e3fb44a1f76144b751503eac0d8c61c203f6a081f9
GuLoader
9ad452c41af7ed761449a51cca42b89827921f70f564331a4eed7a191c37c325
GuLoader
c2544476ab17fd3fb816a97f08f16548a73c106cca80e1f5e185086d25a9f414
GuLoader
d4d22a42f8307b64ffeeaa26275000213a940c1792231db0911678d7bbb2cfb9
GuLoader
+ 5'411 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader guloader
Link:
https://tria.ge/reports/210823-dlpfrjlnhs/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader Payload
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://onedrive.live.com/download?cid=279B0464D4F8B9F3&resid=279B0464D4F8B9F3%21117&authkey=AMUrs61YEcpELHs
Unpacked files
SH256 hash:
ec557f074316cadc0b768d98830fce492b5694c8bdf6bd45b5853659cfa9bbfd
MD5 hash:
045d96197f2a812ea05b2481ee854ba4
SHA1 hash:
745ac8a8dcf8cd156f264b55bb3e70767bfa0909
Link:
https://www.unpac.me/results/5d0b476d-6cc8-4e92-aff4-123c962d2d3b/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/ec557f074316/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.16
Link:
https://yomi.yoroi.company/submissions/ec557f074316cadc0b768d98830fce492b5694c8bdf6bd45b5853659cfa9bbfd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/181602/

Comments