MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9260d1f299f74f165ac36f2d79bcc9d7a2b01ef94a63dd0db1df148abfc9a3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9260d1f299f74f165ac36f2d79bcc9d7a2b01ef94a63dd0db1df148abfc9a3b
SHA3-384 hash: aa2a646dcbdc1997463475f4d985e6135ec216ec87107070ca5e8f5938f81e70c81949d7a75e9d84a4f0a03fa63cb217
SHA1 hash: 30b3e7d3cc62ec7e947eac98908cb2521e1ccd91
MD5 hash: cd771cb2bafb0054c0008f1e872f0690
humanhash: zebra-bacon-hydrogen-michigan
File name:BHF REQUIRMENT.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:476'968 bytes
First seen:2021-09-10 12:01:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 44a3b2717afc04118a3e0594296c9297 (2 x GuLoader)
ssdeep 6144:9UCzdNpHGGh4WIGLjOHfBfUfBfBRKZYGGGGGGGGGGGGGGGGGGGGGGGGGxLGGGGGL:9bdnrlJ8JQHs8
Threatray 5'300 similar samples on MalwareBazaar
TLSH T1E8A4B751F479C264D55F7F73EB14E5F50222DC5200F1E90B6A88BD6334FA2DEE80AA4A
dhash icon 69f0e2e6b2b2b269 (3 x GuLoader)
Reporter malwarelabnet
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
148
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
BHF REQUIRMENT.exe
Verdict:
No threats detected
Analysis date:
2021-09-10 12:02:46 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e2d1477a-b5aa-4823-a39e-538e5885b037

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/186873/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.10177.32446.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3c0471e5-3182-403b-8991-6c5a77bf1215
Result
Threat name:
GuLoader FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/848760
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Multi AV Scanner detection for submitted file
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Self deletion via cmd delete
System process connects to network (likely due to code injection or exploit)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected FormBook
Yara detected Generic Dropper
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 481191 Sample: BHF REQUIRMENT.exe Startdate: 10/09/2021 Architecture: WINDOWS Score: 100 27 www.evan-dawson.info 2->27 29 evan-dawson.info 2->29 49 Found malware configuration 2->49 51 Malicious sample detected (through community Yara rule) 2->51 53 Multi AV Scanner detection for submitted file 2->53 55 9 other signatures 2->55 10 BHF REQUIRMENT.exe 2->10         started        signatures3 process4 signatures5 57 Tries to detect Any.run 10->57 59 Hides threads from debuggers 10->59 13 BHF REQUIRMENT.exe 6 10->13         started        process6 dnsIp7 37 wizumiya.co.jp 52.68.15.223, 443, 49802 AMAZON-02US United States 13->37 61 Modifies the context of a thread in another process (thread injection) 13->61 63 Tries to detect Any.run 13->63 65 Maps a DLL or memory area into another process 13->65 67 3 other signatures 13->67 17 chkdsk.exe 13->17         started        20 explorer.exe 13->20 injected signatures8 process9 dnsIp10 39 Self deletion via cmd delete 17->39 41 Modifies the context of a thread in another process (thread injection) 17->41 43 Maps a DLL or memory area into another process 17->43 45 Tries to detect virtualization through RDTSC time measurements 17->45 23 cmd.exe 1 17->23         started        31 american-ai.com 192.185.39.39, 49806, 80 UNIFIEDLAYER-AS-1US United States 20->31 33 www.superiorshinedetailing.net 20->33 35 5 other IPs or domains 20->35 47 System process connects to network (likely due to code injection or exploit) 20->47 signatures11 process12 process13 25 conhost.exe 23->25         started       
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/f9260d1f299f74f165ac36f2d79bcc9d7a2b01ef94a63dd0db1df148abfc9a3b/
Threat name:
Win32.Trojan.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2021-09-10 02:05:35 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7eta2hzjt52pcznmg3znpg6mtv5cwappsstd3ug3dxyurk74ti5q._file
Verdict:
malicious
Similar samples:
024490bf99d2b77dc7943a5932bba385948feb7416fc434992593e72bad4782a
GuLoader
0999db34e8587ca82c53264b3a8ba8bb45e456705d32f514f2eb414b4e0a2a4b
GuLoader
56f092288a058f47cf4a38c04dac8f8fd19a6ba34039bf7803df8928fe03d630
GuLoader
5a37dbecf825521597ec511ae03e854c8000c9b6220db8f10bf18415fa856a90
GuLoader
674a7b749bea309b2f9157e187a92fc0da9ce79b3a9ee4f3c85e6b58dd961789
GuLoader
7422e19749d87820e2a5e61989f93ad75c8aa2871327de76030ce0724ecac1cc
GuLoader
99ae905c7f83f80aba5616fbf18b0dfc22f515189bf072c1b7a01ad4106ad63a
GuLoader
aa3420190b3e22959cfb4715307027404fe5cb492faf5546189a20b82b9e4e37
GuLoader
e909198f5ca355e38c8459bc7ae2028ee25f849fde5c37714f914b87a94b5182
GuLoader
eb85d3c422572557f51125f1c728dc17d022553a4dd8abee8389115d2323f58b
GuLoader
+ 5'290 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210910-n7f1zsdbem/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
f9260d1f299f74f165ac36f2d79bcc9d7a2b01ef94a63dd0db1df148abfc9a3b
MD5 hash:
cd771cb2bafb0054c0008f1e872f0690
SHA1 hash:
30b3e7d3cc62ec7e947eac98908cb2521e1ccd91
Link:
https://www.unpac.me/results/6d6782e1-1aac-47b1-93d9-e892c47527f0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f9260d1f299f74f165ac36f2d79bcc9d7a2b01ef94a63dd0db1df148abfc9a3b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/186873/

Comments