MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 474fdc334d61a837436e2979eebb789db0263ef26cf4bc00b5936823246a0b78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 474fdc334d61a837436e2979eebb789db0263ef26cf4bc00b5936823246a0b78
SHA3-384 hash: c1d3f55f08201025331e39519b486125879b4b9c5ef9f3837eda9d4a706577eec692459d7163950be654b55094c52fb6
SHA1 hash: 0b8bae4d83c66e7017e62a66596d38cab171368f
MD5 hash: 3eb9772044e0364f471638a90cdd1e71
humanhash: glucose-sodium-low-friend
File name:3eb9772044e0364f471638a90cdd1e71.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-03 13:17:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bef71da439e3319c0631ded1421f6912 (1 x GuLoader)
ssdeep 1536:4SPfxV40ietV2jJ50kgrKHxLdGKc+o0FDHdZ1gIqC/AR914m2PUfgZ:BPXieT215mKVdhjFD9zLY5wPXZ
Threatray 305 similar samples on MalwareBazaar
TLSH 05B36B17ED4C8543D2488BBD3D178EB93B1CB91D0C405BEF62765E9FAE316422C9B21A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://vitaltea.co.nz/ned/n-bin_GuMUo43.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Netwire
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6306/
Detection(s):
Win.Malware.Generic-7998112-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:37:30 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=i5h5ym2nmgudoq3off465o3ytwycmpxsnt2lyafvsnucgjdkbn4a._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
19307b5746bbedc1461d2fdde14bb9b61da5b76af0f2dff6295e05e9ea855f24
GuLoader
4b110258d8a90160fd07abfd441805de6b8e1cb646c0734febd7de606ca5a4e4
GuLoader
54cd2f165cdc6bc4fcc50fce8da1206b5c1bfedb442d2a000e965019d379a719
GuLoader
7bcfd6304cf50881a7f42942fe80cdc0d26bd2f0934c6e2bc8df904a414fae4c
GuLoader
aba4802ec9d322f223f22b73f41bbb77d7b6066d18c8b53571e50a9c97e727fa
GuLoader
cfad7f3408fcc08ca91d0e0fe624088c1c2fda17b460e17812c0362061124b18
GuLoader
d38d364257aae9a96f861fc772480694e039d01e3f7897f347341d78d74444ca
GuLoader
e05fe646183b69a8596eac8857f561c2aded2fda7694913b699c134dda15f797
GuLoader
eb082ead8de20d80f1aa722b1ea95512e7c08d26403b8cf8cd6670a7fbc75c95
GuLoader
f4d8ebccd809868b63410f61d84bf12e9642f7eb015b6480610e9505da186067
GuLoader
+ 295 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-lv7qxfxpvn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
URLhaus
https://urlhaus.abuse.ch/url/372082/
Cape
Cape
https://www.capesandbox.com/analysis/6306/

Comments