MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06ff22b8f0ffe174b0272b21ed6e0761671398e1c7a3e60dc0f5db55fa156193. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 06ff22b8f0ffe174b0272b21ed6e0761671398e1c7a3e60dc0f5db55fa156193
SHA3-384 hash: d5016bbc14556924ada3daf5af17f8c9ad1e4d702aaa30232b01be7cefc4f61d60f279a7a5977ae5a76f43300f262d1b
SHA1 hash: df6db42a64f83c98e2e1e4194ff5b2a5ac7424c0
MD5 hash: 9d838945457f43d1da75d8eee5569b26
humanhash: wolfram-leopard-mango-oranges
File name:TNT Original Invoice.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 05:04:57 UTC
Last seen:2020-05-26 05:52:47 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d89440e9662c9b928465a518233db1bc (1 x GuLoader)
ssdeep 1536:jufK9sVb7n8lKt66tHo/Z+DJ2eSAY5xkkkUj39IPKFMd8DeTbU:jufK6v38t/ZyJ2DvrSvT4
Threatray 1'053 similar samples on MalwareBazaar
TLSH 47C32B17B9944C61EC584EF01C575AA31E22BC217A541F0B7B9AFB6C26362CE3BF0716
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5593/
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaCO.34122.hm0@a0pU76di.13168.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 05:36:09 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
16c2092baa98a45c1b1528ac2fd3674c26f9b30e62d2fcf619c0d3f8c83fa6ac
GuLoader
25cafcbe57ac5344ade543948fbba1f8a5b99d424af61a7d4e9d806e7c66f79d
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
533abb61ce480e7682c142da1ee6d9385887b041965f9bc35e575f928412cd9e
GuLoader
63b3643da0804ac1ddc37ae59c80175a0c22d17ee37e7a0c5cfd3a4d20b7c926
GuLoader
70e8b249ce476ea3ff1c233de9eef9b9f1e2ad1da22c1bb3e16acc20eaa0e9a2
GuLoader
8e0a0197eadbdfea56a208c154e22edbd19dd23e429a75a93d5cd05560ce7ff6
GuLoader
b867c39938c7f9800c4a4da862d641a08e2faa3a695c8e41242ff61e767e4cb4
GuLoader
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
GuLoader
+ 1'043 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-3afb52j6q6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace 9c4fd5f46263393b70e5df985cf6ff335f03dc9278413fe1191348e07d741306

GuLoader

Executable exe 06ff22b8f0ffe174b0272b21ed6e0761671398e1c7a3e60dc0f5db55fa156193

(this sample)

  
Dropped by
MD5 a8ccaa6385a331db9453080c38a8b2c5
  
Dropped by
SHA256 9c4fd5f46263393b70e5df985cf6ff335f03dc9278413fe1191348e07d741306
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5593/

Comments