MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7c8f897e59132dc4f1a8f57bb3ce13b9e72ab08fb9cc61c038f9ef618444c15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f7c8f897e59132dc4f1a8f57bb3ce13b9e72ab08fb9cc61c038f9ef618444c15
SHA3-384 hash: 2b5cd3620bc60e6d05fcf7e3b2ed3b37c450a9ff2060a03ff65d8288f87370224a1c998d016ae59cd341fe2db620042c
SHA1 hash: 58f4e4f2137a8d7e1145ec56278966c25141227e
MD5 hash: af661174e32873410c779d9ef0b05907
humanhash: skylark-spaghetti-west-triple
File name:FAKTURA 6475.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:147'456 bytes
First seen:2021-06-07 11:28:36 UTC
Last seen:2021-06-07 12:44:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b1d5215cf0ff1abab4dacdc311d642d4 (5 x GuLoader)
ssdeep 1536:tKQ8SSa/vAJKGOVY+cai7N/z3LouWRDF3hRHaIBdQIYtncxEgpo9ssa:ISt/v65hN/z3T6DfRHaIBdQltncEg13
Threatray 809 similar samples on MalwareBazaar
TLSH 2EE33B36F14885A1F7574670D4B568AE6CDA3C106643DE3B72477B0F6BF0B13A1A222E
Reporter Anonymous
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
229
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
FAKTURA 6475.bat
Verdict:
No threats detected
Analysis date:
2021-06-07 11:31:54 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cecb09e9-9b1e-4a63-ad0a-10170797ace5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/164984/
Detection(s):
SecuriteInfo.com.Variant.VBodius.4.14164.4892.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/798035
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Potential malicious icon found
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f7c8f897e59132dc4f1a8f57bb3ce13b9e72ab08fb9cc61c038f9ef618444c15/
Threat name:
Win32.Worm.VBodius
Create hunting rule
Status:
Malicious
First seen:
2021-06-07 11:29:08 UTC
AV detection:
7 of 47 (14.89%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=67eprf7fseznyty2r5l3wphbhophfkyi7oommhadr6ppmgcejqkq._file
Verdict:
suspicious
Similar samples:
04e561913818e236846b11ce9dc11e40ca04e86e55c1ec314d1aedd2435b221b
GuLoader
20068144ad483092f7d01af361be58762ae467679dd012a35bc11e5cb86c6c85
GuLoader
414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65
GuLoader
820cac518e56664c0eff780c373c375fcce8578862e2288f48479e6b908c711b
GuLoader
8e4cb68e8910042eeb4f5f4588a5a76df31cc6b0be9ad55165ced088afc23201
GuLoader
8f5fd43179a5ab283f7cab4fb285592a73348d2428a7034a1521fb12a1ead625
GuLoader
97c784403f83adbd7a4b8142c3e69e9acba2898d7293063a07b58ea35dff7b39
GuLoader
98cbe4d5b07975cd7f0b7a23296b918264585dce46b2c1844a9f52640c03d2a6
GuLoader
ea36f17e9a118b567da5b9be48f13527cdd109da17d5e5abb0809f9356622f9b
GuLoader
f5e9a63f2238667200b4f015774742db6c4cd71cd109877249f53403da2c1da0
GuLoader
+ 799 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210607-a4mrmza1d6/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
f7c8f897e59132dc4f1a8f57bb3ce13b9e72ab08fb9cc61c038f9ef618444c15
MD5 hash:
af661174e32873410c779d9ef0b05907
SHA1 hash:
58f4e4f2137a8d7e1145ec56278966c25141227e
Link:
https://www.unpac.me/results/becee71c-db06-485f-9e9a-404f8580ad67/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f7c8f897e59132dc4f1a8f57bb3ce13b9e72ab08fb9cc61c038f9ef618444c15

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/164984/

Comments