MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c05c5b0d65a0c7c5c415a6dc5adceeb651f986f40d4a5d2cf41331b8a8d52b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 3c05c5b0d65a0c7c5c415a6dc5adceeb651f986f40d4a5d2cf41331b8a8d52b7
SHA3-384 hash: b57a07cf5a9fbe937a8ae33919cd98cd808aacb5d2bf0aec3a59837af0cdf04f6f296440b63bb8a66d6d01e8386c3638
SHA1 hash: 4202faa4c648b88869e0ed33409a5f31f938cd7b
MD5 hash: f6fd3ea634b3c901c34545cfeaf5fb14
humanhash: pizza-island-jupiter-fillet
File name: f6fd3ea634b3c901c34545cfeaf5fb14.exe
Signature: GuLoader
File size: 98'304 bytes
First seen: 2020-05-21 08:54:34 UTC
Last seen: 2020-05-21 09:51:30 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b7d533679c13c8c80f5e4e1f8e4aa908 (1 x GuLoader)
ssdeep: 768:rhivTmHToL7YtisiXGu45PvouFJyRFYX8d29ERUmBBlzDW:cakQYXGNpFJ9X2mE5zy
Threatray: 482 similar samples on MalwareBazaar
TLSH: 62A30821F590DCB1CC4849BE9EA25B5851AFED340912CE0B39CB379C25F3E92A53139B
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
GuLoader payload URL:
http://45.132.241.148/tt/chck_uHBwMHFjJB70.bin

Intelligence


File Origin
# of uploads: 2
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 12:14:27 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.