MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3a520aa6296de59468c3a38d45660091097c056b7249a66d3443f3bd4ecf997. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f3a520aa6296de59468c3a38d45660091097c056b7249a66d3443f3bd4ecf997
SHA3-384 hash: 72569e1b197b413646b11557ae82d6c343c476defab979b9c581df1f25694e49bb38cf61bdde098f7704c95e753dfa79
SHA1 hash: c513f61b28a5602768fc3a07bea6efe0b743dc26
MD5 hash: 13fe879d4b0acd6b10e9e4db7fcf3a49
humanhash: pip-cat-low-sierra
File name:URGENT SWIFT COPY FOR JUNE 14 2021.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:270'336 bytes
First seen:2021-06-14 22:29:24 UTC
Last seen:2021-06-15 14:53:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash adaafa2c180eccb7addf1201d12c8322 (4 x GuLoader)
ssdeep 3072:HqCxEJQKX+an/XCf1Tth5P9+Zz3YaXygA1kkX31Z902v4:K3vCf1Bh51+Zsjgqdl8
Threatray 116 similar samples on MalwareBazaar
TLSH 3544C803B2477626D1A89C7026ABD12A77FB2D77F21058033AC1BF27A7349A77DB0516
Reporter Anonymous
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
231
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
URGENT SWIFT COPY FOR JUNE 14 2021.exe
Verdict:
No threats detected
Analysis date:
2021-06-14 22:30:21 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/de723981-a13f-4b1e-8444-61f53bc03dfb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.31356.7264.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/234eddfc-6d7b-41d2-a696-b94d544b0b19
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/802049
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potentially malicious time measurement code found
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f3a520aa6296de59468c3a38d45660091097c056b7249a66d3443f3bd4ecf997/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-06-14 21:05:15 UTC
AV detection:
5 of 46 (10.87%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
053a140695b51c69a923f0929b0cf46371168d1d7b77d96b0f8da88da976a197
GuLoader
520529fc3ccecc89fe03add329fc847461f7b11d77673afc8886f8d48bc10b76
GuLoader
5ae1e20709a0557d7d4a90411f73981934d2184d4e6ee18c8a2cfe81a2381452
GuLoader
5cc55fa0f006fc7c39f68a9aa2d7c2debe52c0e9f8ee955bacced2cf0d2aae8b
GuLoader
8926bb6b6590a5a180cc10a7cedfb5df1e5d12013aeb23224bf917013ccb25a2
GuLoader
a5672f1287903b21f8fe4bd1851487e8ab37b380a6a78fc050cfbc2285daf8bc
GuLoader
a7131ae0e125a318b8298a90aa440839697ccf45a9e48b475419c8186c13df1e
GuLoader
c08e9dc3b7237d74908e572f68d6808dc155f632243a87eaef985c67c9caee85
GuLoader
cac635b83d0ee884f8d8bbce419b4c9d13273f4a10c450c2ea50830dc683e3ac
GuLoader
e5885f71c6fb1a072681d448a1baf5c8206887e79cb7900e0eb4246efa27011f
GuLoader
+ 106 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210614-3hsdghyy9e/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://onedrive.live.com/download?cid=BAC03012EC7BD279&resid=BAC03012EC7BD279%21114&authkey=AETxWDW7LlqQvxw
Unpacked files
SH256 hash:
f3a520aa6296de59468c3a38d45660091097c056b7249a66d3443f3bd4ecf997
MD5 hash:
13fe879d4b0acd6b10e9e4db7fcf3a49
SHA1 hash:
c513f61b28a5602768fc3a07bea6efe0b743dc26
Link:
https://www.unpac.me/results/f220c03f-9e5c-4e07-87a3-8005f4c1512e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f3a520aa6296de59468c3a38d45660091097c056b7249a66d3443f3bd4ecf997

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link

Comments