MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1dccde0289f175d1d41140302e71242ae0ea250bdc580767256da69f7cb319ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 1dccde0289f175d1d41140302e71242ae0ea250bdc580767256da69f7cb319ff
SHA3-384 hash: 7d73338954cbf0d2eadec310fe6f6559aae32c6d5d57d877e1179455768f8c16308eabdfca97f25cfc476f5cf5ad64b4
SHA1 hash: 55e3dd6d4d939014c470f7a1f08d51da2ba662d9
MD5 hash: 89c1b14a1fb416af1073cd132883a1bd
humanhash: speaker-two-saturn-hamper
File name: bb.jpeg
Signature: GuLoader
File size: 98'304 bytes
First seen: 2020-05-21 05:55:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 267eebd4e17506a83e3d31fd1ecbd33b (1 x GuLoader)
ssdeep: 768:qFm/V1B0c+xjpIMgMv2691JXFejfbzF4ddmSRx:c60crMgMeu1JVs4bmo
Threatray: 31 similar samples on MalwareBazaar
TLSH: ABA3E656F968FCB0EA2887FD6F754698512BBC358C52CB0371CE7B0D24F2985A871217
Reporter: cocaman
Tags: GuLoader, jpeg

Intelligence


File Origin
# of uploads: 1
# of downloads: 131
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 06:27:49 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 19 of 31 (61.29%)
Threat level: 2/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
