MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe7ecd7256cc42ce91c14e30096c2d220aa5f0eeb77eaf7153ea34f9d4b3af8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe7ecd7256cc42ce91c14e30096c2d220aa5f0eeb77eaf7153ea34f9d4b3af8b
SHA3-384 hash: 3b8fb958c30a740136e30344958107bf3a611df045b7a518aad65c5a609f2f112433a0798ad1ec0cd0d31b351f478504
SHA1 hash: d51a1203618f17ad26a4c503661522f9d270c667
MD5 hash: f09dc829aad871e73683c231053c4867
humanhash: cold-fillet-oranges-earth
File name:SecuriteInfo.com.__vbaHresultCheckObj.16038.10389
Download: download sample
Signature GuLoader
Create hunting rule
File size:282'624 bytes
First seen:2021-07-23 15:47:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4d855772c2abd948c289c2a8f8005cb9 (3 x GuLoader)
ssdeep 3072:U3BepJlZa/GZtMIBTCTZCHaIcdEanIydvANIfdGAYOQsWtTN3HJlZapGBR:GiUVw+9+sbIydvASlTmfHP
Threatray 2'207 similar samples on MalwareBazaar
TLSH T17C54C51C6302E006FA51C4BB3505F22B94191D37916DCE46BA8C5F3BE4661F3A6FBAD1
dhash icon 72e8d4ccf4d4e8b0 (5 x GuLoader)
Reporter SecuriteInfoCom
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
217
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.__vbaHresultCheckObj.16038.10389
Verdict:
Suspicious activity
Analysis date:
2021-07-23 15:54:11 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/426f2ad7-d77c-430d-9847-bbd7bbb7b647

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/173707/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.16038.10389.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/883c6b0d-4c8c-4585-a351-6c88dec0a727
Result
Threat name:
GuLoader Lokibot
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/820891
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected GuLoader
Yara detected Lokibot
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fe7ecd7256cc42ce91c14e30096c2d220aa5f0eeb77eaf7153ea34f9d4b3af8b/
Threat name:
Win32.Trojan.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2021-07-23 15:48:12 UTC
AV detection:
10 of 46 (21.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7z7m24swzrbm5eobjyyas3bneifkl4how57k64kt5i2ptvftv6fq._file
Verdict:
suspicious
Similar samples:
02067a8419dc011a977a7f84edb67c3b9e8925248f132d2ee863c5576a29a0b9
GuLoader
24c6fcb3f26697d826a4c1899bdb9a7368ae336046c1028a6e53a9f17a5186af
GuLoader
42c8ded976a7c9f295888220d4d2fc273535f1fa15e6e25cfceaf454188f7895
GuLoader
464e32b273ff94e18247402fec1445dceb07fe8ea16490038fa64b9a23672cf0
GuLoader
4876d264ad500b3dc254dec660891144c3118a6cc9a229c60d39ff20b584ec0a
GuLoader
4bbbdca53bbe4ce27fc929968933f482e17a3161abaf8d7bc06cc06b5a5d1b7b
GuLoader
71756ea23acdd988833bafc579a81eb54341f13f6657fed3aedce37a4d9606ea
GuLoader
923e1d37bb37118bd66462b153d9fa0d4518898ed56f0252690a6d9eb111a0d7
GuLoader
+ 2'197 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210723-smgdjcb21j/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
fe7ecd7256cc42ce91c14e30096c2d220aa5f0eeb77eaf7153ea34f9d4b3af8b
MD5 hash:
f09dc829aad871e73683c231053c4867
SHA1 hash:
d51a1203618f17ad26a4c503661522f9d270c667
Link:
https://www.unpac.me/results/51353502-4d32-4558-9aab-f541707a2cb9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/fe7ecd7256cc42ce91c14e30096c2d220aa5f0eeb77eaf7153ea34f9d4b3af8b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/173707/

Comments