MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52d3a075274a8986c3e44c30ff9037abe45f150b241f6aa48d8a4efcb467cbba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

SHA256 hash: 52d3a075274a8986c3e44c30ff9037abe45f150b241f6aa48d8a4efcb467cbba
SHA3-384 hash: 5bd31292dc84393cc016e3f31e60fe1d0666ba64d4e2fa6b8247f07a961a241db53dd8f887bcc1be4d83ad38809e6e65
SHA1 hash: 0e8cad0f9edc2a4fa66eeb7d99b0e5d796f9935f
MD5 hash: 011aab7f071dd69eee53d6e569dd62a6
humanhash: early-oscar-friend-blossom
File name: SecuriteInfo.com.Variant.Razy.676062.19223.29672
Signature: GuLoader
File size: 77'824 bytes
First seen: 2020-06-02 09:34:07 UTC
Last seen: 2020-06-02 12:58:59 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4d4d0d4ada6f2ab32ec0b395f5891b8f (1 x GuLoader)
ssdeep: 768:pyXuuXToPYUOm7EOJwKq7ajTg/GWlFlSTavf2+NXKyejJQj:py+PPYjaJ/02g/GWYTtyK
Threatray: 5'255 similar samples on MalwareBazaar
TLSH: F473291EBE59C164F04649B11569D166B72ABC3258069E0F72002FABB872DC7BCF173B
Reporter: SecuriteInfoCom
Tags: GuLoader
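Before doing anything with a downloaded sample, confirm that the bytes on disk are the bytes this entry describes. The following is an added example, not code from MalwareBazaar: it recomputes the four cryptographic digests listed above in a single pass over the file, compares them and the file size with the entry, and checks for the MZ header that the recorded MIME type (application/x-dosexec) implies. It assumes you have already extracted the sample from the download archive to a local path (the path and the chunk size are assumptions; the expected values are taken from the entry above). The imphash, ssdeep and TLSH fields need extra libraries and are not recomputed here.

```python
"""Verify a downloaded MalwareBazaar sample against the hashes in its entry (added example)."""
import hashlib
from pathlib import Path

# Values copied from the MalwareBazaar entry for this sample.
ENTRY_HASHES = {
    "sha256": "52d3a075274a8986c3e44c30ff9037abe45f150b241f6aa48d8a4efcb467cbba",
    "sha3_384": "5bd31292dc84393cc016e3f31e60fe1d0666ba64d4e2fa6b8247f07a961a241db53dd8f887bcc1be4d83ad38809e6e65",
    "sha1": "0e8cad0f9edc2a4fa66eeb7d99b0e5d796f9935f",
    "md5": "011aab7f071dd69eee53d6e569dd62a6",
}
ENTRY_SIZE = 77824  # "File size: 77'824 bytes"

CHUNK = 1 << 16  # assumed read size; any value works, digests are chunk-independent


def digest_all(chunks, algorithms=("sha256", "sha3_384", "sha1", "md5")):
    """Feed every chunk of an iterable of bytes into all requested hashers at once.

    Returns (digests, total_size) where digests maps algorithm name -> lowercase hex.
    One pass over the data is enough even for large samples.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}, size


def verify_sample(chunks, expected=ENTRY_HASHES, expected_size=ENTRY_SIZE):
    """Compare computed digests and size against the entry.

    Returns a dict of problems: field -> (expected, actual). Empty dict means the
    bytes match every recorded value. Hex comparison is case-insensitive, since
    different tools print digests in different cases.
    """
    actual, size = digest_all(chunks, tuple(expected))
    problems = {}
    if expected_size is not None and size != expected_size:
        problems["size"] = (expected_size, size)
    for name, want in expected.items():
        if actual[name] != want.lower():
            problems[name] = (want.lower(), actual[name])
    return problems


def is_pe(head):
    """True if the first bytes carry the 'MZ' DOS header every PE file starts with."""
    return head[:2] == b"MZ"


def verify_file(path, expected=ENTRY_HASHES, expected_size=ENTRY_SIZE):
    """Run the full check on a file on disk (path is an assumption for this example).

    A missing MZ header usually means you are hashing the download archive rather
    than the extracted sample, so it is reported as its own problem.
    """
    p = Path(path)
    with p.open("rb") as f:
        head = f.read(2)
        f.seek(0)
        problems = verify_sample(iter(lambda: f.read(CHUNK), b""), expected, expected_size)
    if not is_pe(head):
        problems["mz_header"] = (b"MZ", head)
    return problems


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "sample.exe"  # assumed local path
    result = verify_file(target)
    if result:
        for field, (want, got) in result.items():
            print(f"MISMATCH {field}: expected {want!r}, got {got!r}")
        sys.exit(1)
    print(f"{target}: all recorded hashes and size match the MalwareBazaar entry")
```

Run it as `python verify.py sample.exe`; a non-zero exit means at least one recorded value did not match, and the named field tells you whether you hashed the wrong file (size and MZ header) or a different build of the loader (digests only).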

Intelligence

File Origin
# of uploads: 2
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-01 15:28:06 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 48 (52.08%)
Threat level: 2/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx (an API commonly used for input capture and hook-based DLL injection)
Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: a thread with ThreadHideFromDebugger set stops delivering debug events to an attached debugger)

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: GuLoader
File: Executable exe 52d3a075274a8986c3e44c30ff9037abe45f150b241f6aa48d8a4efcb467cbba (this sample)
