MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f970a14fb1efcbcdca7c274d76c4eabd3699e62015a58226d6e328b83d4f0fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: 1f970a14fb1efcbcdca7c274d76c4eabd3699e62015a58226d6e328b83d4f0fe
SHA3-384 hash: f926161f642e156b456083cd46fd26bfb539a61804d60769bd695f85f9754ac780fcbbd831697e8325d9c64f0df7c6d1
SHA1 hash: 4d8d8365d192135608990a0998973973d52624a0
MD5 hash: 9a38cec7850d8cd79fc0bf440e5297e0
humanhash: diet-moon-island-twenty
File name: OOCS DI- 209871 CB.exe
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-05-05 10:34:06 UTC
Last seen: 2020-05-05 11:15:59 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3c55e15d93755de61a95ed3f7e29b290 (1 x GuLoader)
ssdeep: 1536:54/K1kkkaFjfSyHdVlGi7iBJsxHX83j9FB6:+KWAS5BM
Threatray: 177 similar samples on MalwareBazaar
TLSH: FA930705AEB4EC22E51479F1DB6AF6AFD712AC3019364C1721C57B2D2F36A429C3522F
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 100
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-05-05 10:36:22 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 31 (74.19%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Signature: GuLoader
File: Executable exe 1f970a14fb1efcbcdca7c274d76c4eabd3699e62015a58226d6e328b83d4f0fe (this sample)

Comments