MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 160684d9f79b0e33093a76315cbe47afd4d0f27f5dadd1b6fa314d8ff8a64370. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	160684d9f79b0e33093a76315cbe47afd4d0f27f5dadd1b6fa314d8ff8a64370
SHA3-384 hash:	22f9d96680434b9b252a1cba9b2a06f1dd1e547db36391da309b6c6bef1fc043ca9f890f953cb918d93e4526cbcc668f
SHA1 hash:	03f70134b00060e4d9211de80c72edae3d0a9870
MD5 hash:	30edf63de81ae29b6c4b70a4fc8fd1cc
humanhash:	burger-low-california-indigo
File name:	30edf63de81ae29b6c4b70a4fc8fd1cc.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	192'512 bytes
First seen:	2020-05-28 07:22:18 UTC
Last seen:	2020-05-28 08:22:31 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	65e034ebb5f4671b2ad6682a67781d5b (1 x GuLoader)
ssdeep	1536:P8nsv7xfWNt9nSJ95KWdYsZBg8XfosPK10/Y1GWInX2eZ+gTzw:ak7xfwV45vdYkAUYazw
Threatray	657 similar samples on MalwareBazaar
TLSH	1E145C26B756FCB6DE4504B0DCE1C0F80455BC09DA178E27B3C47F1E36BA187A96263A
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

GuLoader payload URL:
http://45.143.222.30/Frank%20May%202020_PDyqE221.bin

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

NanoCore

Link:

https://www.capesandbox.com/analysis/5811/

Detection(s):

SecuriteInfo.com.Win32.Injector.EMDX.4343.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-05-27 22:52:40 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

22 of 31 (70.97%)

Threat level:

2/5

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

6/10

Tags:

persistence

Link:

https://tria.ge/reports/201109-c7kzrjkzwe/

Behaviour

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Adds Run key to start application

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

exe 160684d9f79b0e33093a76315cbe47afd4d0f27f5dadd1b6fa314d8ff8a64370

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/366578/

URLhaus

https://urlhaus.abuse.ch/url/366577/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/5811/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample