MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f50e2cbd23d058c6f0b1b147c1ee77ccd969b9f895375aed3c42ccbab0bbbe15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f50e2cbd23d058c6f0b1b147c1ee77ccd969b9f895375aed3c42ccbab0bbbe15
SHA3-384 hash: 3b482a7eb74c5309f19676ab34776887a575a13383e06ac6e8a58c24b8788de5032a95e62289b41423a259a201424591
SHA1 hash: 54935d5f7a59384ba8d1b26e25bbbc394e91922a
MD5 hash: 74b1969d9f41c94a1a07431b65bbf390
humanhash: april-cat-two-oscar
File name:74b1969d9f41c94a1a07431b65bbf390.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:147'456 bytes
First seen:2021-06-10 13:09:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9b8686288ab82fdbf8ede30bc55c83b7 (4 x GuLoader)
ssdeep 1536:vMaIFFEMgx3vnWE7Hpm6IJNTcXmXSt4lYEQe3pyzBEkWKS:ExFQvWy8lxc14lwe3pyzyjKS
Threatray 5'019 similar samples on MalwareBazaar
TLSH 5AE32E21BA20E123E4859074FE55D3DEA4013F721E9F9903768D7F9A503E3CBA6F2916
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://genitoriborgosatollo.it/main/client_sOcehs220.bin
http://amandaduquenoy.com/wp-content/plugins//masterx/back/client_sOcehs220.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
218
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
74b1969d9f41c94a1a07431b65bbf390.exe
Verdict:
No threats detected
Analysis date:
2021-06-10 13:23:40 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5940bfde-2682-4623-9211-44c02cab2ca1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/165874/
Detection(s):
Win.Trojan.Jaik-9870266-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/800199
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f50e2cbd23d058c6f0b1b147c1ee77ccd969b9f895375aed3c42ccbab0bbbe15/
Threat name:
Win32.Trojan.Jaik
Create hunting rule
Status:
Malicious
First seen:
2021-06-10 10:05:23 UTC
AV detection:
18 of 46 (39.13%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6uhczpjd2bmmn4frwfd4d3txztmwtopysu3vv3j4ilglvmf3xykq._file
Verdict:
malicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
2329a8fab1e06893e9a9abd51129dfe704bd63347688af81857cae9678c46743
GuLoader
2b2a00650dc91d1a7ccfa4a62e3462762c62d8a092bddb75943f87074f1d56a5
GuLoader
3ee7986c2ffb27457b0e9d270fdd477c953c310503fffc27aed1aa8cc6e8c70d
GuLoader
60fe4a1f0ed577bfa8d10195a3d1123b0a7ab551d3579686ee6ac6bc18282fe5
GuLoader
90e34c74bec2e84fa0a134d4204f4ae6c5373eb539d384072db0e42370d7d2e9
GuLoader
926509aff0ec48ac354fe49b372f8e2b8d05fe97ba5a1828b422ca75b95cb0ea
GuLoader
9a825ee20f777192913e6c02d8038cdb34907bbcfdec074f664516668f7d1339
GuLoader
b9e5915f642758973d2c67b5fbf9cccb8b2f5f171442a6660db72f83cc1d8c35
GuLoader
bc630e07cf99324ac65fb506e9d54bbd6d405887070604e00d98c52ba60d64c1
GuLoader
fec8c1d5d9684d4504d77d2b9e5bc5af9b4701d3f893968bb3746c4578bbd093
GuLoader
+ 5'009 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210610-793gtw5hb2/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://genitoriborgosatollo.it/main/client_sOcehs220.bin
http://amandaduquenoy.com/wp-content/plugins//masterx/back/client_sOcehs220.bin
Unpacked files
SH256 hash:
f50e2cbd23d058c6f0b1b147c1ee77ccd969b9f895375aed3c42ccbab0bbbe15
MD5 hash:
74b1969d9f41c94a1a07431b65bbf390
SHA1 hash:
54935d5f7a59384ba8d1b26e25bbbc394e91922a
Link:
https://www.unpac.me/results/ed71e872-5b85-4b98-9d52-da4522af0ab5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
GuLoader
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f50e2cbd23d058c6f0b1b147c1ee77ccd969b9f895375aed3c42ccbab0bbbe15

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe f50e2cbd23d058c6f0b1b147c1ee77ccd969b9f895375aed3c42ccbab0bbbe15

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1344208/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/165874/

Comments