MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 430503a02927d70df40c2f5649ca255e98017a15af6796633c27d2c0d3f3314c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 4

SHA256 hash: 430503a02927d70df40c2f5649ca255e98017a15af6796633c27d2c0d3f3314c
SHA3-384 hash: 34291d7ddb89261f4e2f0c0d082cce72697fca279bd69e1ef5ba06fcdb8bf9197e7d5be13eb7eeef692be133383b7ebe
SHA1 hash: db55e944e03025b0713eb3b106a121035aa3b780
MD5 hash: 78461403500a8ae769e490870f450a25
humanhash: delaware-lima-snake-glucose
File name: SecuriteInfo.com.Trojan.PWS.Siggen2.48394.31270.3795
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-05-06 14:11:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f46b10eebc3c9c499a09f8d08a9a4736 (4 x GuLoader)
ssdeep: 1536:gpIu2xZ3Viff96SBdGeVKc37ntKXVv09E:fu2Zi7VjE
Threatray: 709 similar samples on MalwareBazaar
TLSH: F493F9117EB4ED22D114B5B1DB66F6AEC32AAC3058318C1B24C53B5D2F36A429D3535F
Reporter: SecuriteInfoCom
Tags: GuLoader

Intelligence

File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence

Result
Threat name: GuLoader
Detection: malicious
Classification: rans.troj.evad
Score: 76 / 100
Behaviour
Behavior Graph: n/a
Result
Threat name: Win32.Trojan.Occamy
Status: Malicious
First seen: 2020-05-05 15:37:19 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 30 (76.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
- Suspicious use of SetWindowsHookEx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  GuLoader
  Executable exe 430503a02927d70df40c2f5649ca255e98017a15af6796633c27d2c0d3f3314c (this sample)

Delivery method: Distributed via web download

Comments