MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fcf8c73e6ddc38f6c4da5f525e95aa853edc5334761730ec1eb85a672996021c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fcf8c73e6ddc38f6c4da5f525e95aa853edc5334761730ec1eb85a672996021c
SHA3-384 hash: 1cbe57250cd231105eafbad16937b5d264364281867a9d7210b64fd9ac67d9642d1dc8101e2bd19336acf605e715d7f3
SHA1 hash: dde11d3e71974ff54bd32d040802b563c477a1e5
MD5 hash: 3102f605461887e29318e462dd1ef8cd
humanhash: mango-winter-east-edward
File name:Product Specification.jpg.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2021-02-19 09:25:27 UTC
Last seen:2021-02-19 11:15:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 355969174dbb87f5c75355ca7cbc6757 (1 x GuLoader)
ssdeep 768:kFs9mUrSgcXgnl2+KHueN6UXZv4udRBP5XJSeRVvp2KrhTqPgfuG1c:wBUVyYxeRXFj3R4e/vpZhTqo2/
Threatray 898 similar samples on MalwareBazaar
TLSH 7693D493B799EBB3D35144313E949AE80643BE35AC908A13BCF1231E6D39A05DE13F56
Reporter GovCERT_CH
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/117950/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.36354234.32075.325.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/612501
Signature
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect virtualization through RDTSC time measurements
Uses an obfuscated file name to hide its real file extension (double extension)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fcf8c73e6ddc38f6c4da5f525e95aa853edc5334761730ec1eb85a672996021c/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-02-16 01:26:17 UTC
AV detection:
5 of 46 (10.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7t4moptn3q4pnrg2l5jf5fnkqu7nyuzuoyltb3a6xbngokmwaioa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1de9da3a2c6effe9e9eae16a0d70fc19c633e479073f308a666665b0628e866b
GuLoader
305a2d609d4d34967a53c2f44b9c48acd3e683ac3be396bdb359ba0398da7a75
GuLoader
4290d442e13dea4987b3439a97deabd09dc72d8b38fff572ea287d1c4e9b71bd
GuLoader
5d55ad4b75f1106d59cc53b92d90c8f343c5d893c774d436f44ae5508714f443
GuLoader
7570a7a6830ade05dcf862d5862f12f12445dbd3c0ad7433d90872849e11c267
GuLoader
7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb
GuLoader
d720a410d804f04fbc099bc1cecbac2bdf37944a84662442fe98cd0945b59ade
GuLoader
e66f28f19fd4c89cbfbea489fa12cad084b07d722fb8111650a8128ee75cc061
GuLoader
ebc82e867e1280af5cb01ed64745b4a4e5fa48c2ea64557bbaeb7b391e852c2f
GuLoader
f12049965ebca86fd2d5b094273aaaa2bfd299f67856d168252f8b927f2f7bec
GuLoader
+ 888 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210219-3l6z4kpwm2/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
fcf8c73e6ddc38f6c4da5f525e95aa853edc5334761730ec1eb85a672996021c
MD5 hash:
3102f605461887e29318e462dd1ef8cd
SHA1 hash:
dde11d3e71974ff54bd32d040802b563c477a1e5
Link:
https://www.unpac.me/results/b6b7ab80-d756-4fbc-b5c4-7d76130a7397/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fcf8c73e6ddc38f6c4da5f525e95aa853edc5334761730ec1eb85a672996021c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace c56e3b354b7cce95f09d642c243ee9851b314028683f3c0e2fa0ce1c8a929bb8

GuLoader

Executable exe fcf8c73e6ddc38f6c4da5f525e95aa853edc5334761730ec1eb85a672996021c

(this sample)

  
Dropped by
MD5 ffcbc73f372e91fc6ea51b6e3f4605f5
  
Dropped by
SHA256 c56e3b354b7cce95f09d642c243ee9851b314028683f3c0e2fa0ce1c8a929bb8
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/117950/

Comments