MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 533abb61ce480e7682c142da1ee6d9385887b041965f9bc35e575f928412cd9e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 533abb61ce480e7682c142da1ee6d9385887b041965f9bc35e575f928412cd9e
SHA3-384 hash: dbd920228552074fca929f1a460c9ca30a3a7fc0e78ed281e41a4a1f51162b013a9709935796d059d3c5d4cbfc617bc6
SHA1 hash: 0ed0d35e0a5d39aea983a5a8503f7e2e2904386b
MD5 hash: 4eddf1f44afa9a90f1e1fea016162710
humanhash: fourteen-seven-salami-alabama
File name:4eddf1f44afa9a90f1e1fea016162710.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 08:58:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 34840f4d85abe88c9ba4cb15cc0933f8 (1 x GuLoader)
ssdeep 1536:0pn3/lD6Mxv33s9iHmSVgi/huVuVUK/wlG03JMQT8l5AHMb1L:0B3/09iHT/ZO97HMN
Threatray 704 similar samples on MalwareBazaar
TLSH ACC32923B6D4ACA1EC650FB24C6359E719127C3079201F2BB749F79C66B21EB35B6306
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1J3mGZiyAiiGMlBjCYi77UTL1hrvTmE3y

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5659/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 08:02:47 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
06ff22b8f0ffe174b0272b21ed6e0761671398e1c7a3e60dc0f5db55fa156193
GuLoader
16c2092baa98a45c1b1528ac2fd3674c26f9b30e62d2fcf619c0d3f8c83fa6ac
GuLoader
25cafcbe57ac5344ade543948fbba1f8a5b99d424af61a7d4e9d806e7c66f79d
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
63b3643da0804ac1ddc37ae59c80175a0c22d17ee37e7a0c5cfd3a4d20b7c926
GuLoader
70e8b249ce476ea3ff1c233de9eef9b9f1e2ad1da22c1bb3e16acc20eaa0e9a2
GuLoader
8e0a0197eadbdfea56a208c154e22edbd19dd23e429a75a93d5cd05560ce7ff6
GuLoader
b867c39938c7f9800c4a4da862d641a08e2faa3a695c8e41242ff61e767e4cb4
GuLoader
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
GuLoader
+ 694 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-rrs7yka6zs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 533abb61ce480e7682c142da1ee6d9385887b041965f9bc35e575f928412cd9e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368707/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5659/

Comments