MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e7c9776603755bddcdb1093fe8980f16a0b0228d45b9bc83a4d8fef1e1d59d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 3e7c9776603755bddcdb1093fe8980f16a0b0228d45b9bc83a4d8fef1e1d59d1
SHA3-384 hash: 2ea4445da029d99c988de358d25ba95ebef0361a48593a4dec90ded55f638704c98321adea2784d6ff5a46c30055ead1
SHA1 hash: a5ee9df7ac295d58a7c3d7a8020209b7b584e0fc
MD5 hash: 778f9f9f60b54f35d65a635b8c1ad141
humanhash: burger-mango-nebraska-nineteen
File name: 778f9f9f60b54f35d65a635b8c1ad141.exe
Signature: GuLoader
File size: 102'400 bytes
First seen: 2020-05-21 19:27:37 UTC
Last seen: 2020-05-21 20:45:12 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7dd0704239d93260e35c09a8c6ae5850 (1 x GuLoader)
ssdeep: 768:bl+bvmzZk0kZ2ZDXARMKnS9Xx8n1DvynZumG8oVJ8jmbR/h1:Rym9U2ZDIM39XKn1DqnZumtxAP
Threatray: 862 similar samples on MalwareBazaar
TLSH: EBA31B30B8C09E41D64489F51F6B4B791E2BBCB41E154E43E6CABF2D38362D2A96534F
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
GuLoader payload URL:
http://1filesharing.ga/cryptd/1FilesSharingLoky4_omODWQJ129.bin

Intelligence


File Origin
# of uploads: 3
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 18:41:34 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 3e7c9776603755bddcdb1093fe8980f16a0b0228d45b9bc83a4d8fef1e1d59d1 (this sample)

Delivery method: Distributed via web download
