MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2b2f10c3c65d8f81641b20ebbf91ca7da5ba685282b24677a4c5561758f7226. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f2b2f10c3c65d8f81641b20ebbf91ca7da5ba685282b24677a4c5561758f7226
SHA3-384 hash: 7c1ac0bd623aa5bdb7a306328d13645b4dee6626441b831806f8d7ec9eacc8be5468de4ed99a504600d2d4ddf077fde2
SHA1 hash: 12eee83a37b047af4610032fb3413ff3886e2080
MD5 hash: ef80587c41c329e507f7ad9b24037b67
humanhash: shade-batman-twelve-paris
File name:AAN2101002-V017..exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2021-01-11 08:53:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2a71f44ac1c823400003a5bea275b301 (4 x GuLoader)
ssdeep 768:5WaHBo+s2w1BD70JbMp6puJrOJrDLwVAea904epXWHrJnNJzB84:8alZwMi6puJrnha9+elrd
Threatray 4'634 similar samples on MalwareBazaar
TLSH C093B5B07961BF33F249DA799533E3286396B060E5F48C3BB4329A6C5A5378006597CF
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: hole.com
Sending IP: 51.79.143.118
From: Nhung Do (Ms) <info.nhungbichthien@gmail.com>
Subject: 【PO】: AAN2101002-V017_
Attachment: AAN2101002-V017.arj (contains "AAN2101002-V017..exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=5D459187D4C37C0C&resid=5D459187D4C37C0C%21107&authkey=ANHE-uEm86Gs8Xc

Intelligence

File Origin
# of uploads :
1
# of downloads :
177
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
AAN2101002-V017..exe
Verdict:
No threats detected
Analysis date:
2021-01-11 09:04:00 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bc407043-41fe-4ce6-9f10-e4df884e097b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111247/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/577733
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potential time zone aware malware
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f2b2f10c3c65d8f81641b20ebbf91ca7da5ba685282b24677a4c5561758f7226/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6kzpcdb4mxmpqfsbwihlx6i4u7nfxjuffavsiz32jrkwc5mpoita._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08361399bcfd6c87b301f7dd61be86d5eedf3013608d3cd98c818435bd43a724
GuLoader
1d7f1bd2e98ab61ef9f350289c83791d4da1463576ea3591b8cf3b9228f506ab
GuLoader
277ad2e30607538075324d56c194f6256f2a37245f952038d709f237545bf0f1
GuLoader
39e6a374774392541d763a447932461156263e643508c7958416023115d3ff61
GuLoader
4f6be4e4d79ceed809ddc6a51dd0acdd2e1eabd02253286f0230e0e1785a5586
GuLoader
88bbc0ebc2a2116be2d6b435e5d5df2a4467eae44c927de38fefee1950d9b0bb
GuLoader
a8881aef042f83e09cd52512b1332e82e791a5356f94eaeaacfaa1a3d4a0495b
GuLoader
bb19d9c9c18233bf65768ed3534766ae87ada589f6223d015c47d5e4c2523d64
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
ea816a801d2882a3da04ae2b9ac3e20e0959a95d18dfb17c55bb786b3ba2c743
GuLoader
+ 4'624 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210111-f2agthb4z6/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
f2b2f10c3c65d8f81641b20ebbf91ca7da5ba685282b24677a4c5561758f7226
MD5 hash:
ef80587c41c329e507f7ad9b24037b67
SHA1 hash:
12eee83a37b047af4610032fb3413ff3886e2080
Link:
https://www.unpac.me/results/55d9a093-64b9-4b42-ac9a-8fb6fef828be/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f2b2f10c3c65d8f81641b20ebbf91ca7da5ba685282b24677a4c5561758f7226

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj cbeeab8901c6624f627ced989318764beed385c64368dfe2a9ead1e5805a2d0b

GuLoader

Executable exe f2b2f10c3c65d8f81641b20ebbf91ca7da5ba685282b24677a4c5561758f7226

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/952173/
  
Dropped by
MD5 7829d8ef7f2ec43f80d882e137dcd45d
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/111247/
  
Dropped by
SHA256 cbeeab8901c6624f627ced989318764beed385c64368dfe2a9ead1e5805a2d0b

Comments