MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5db7e6a9bc7b775eb44e02266ff814ef0cd77dab54afd5fb3398ae56a5e92917. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5db7e6a9bc7b775eb44e02266ff814ef0cd77dab54afd5fb3398ae56a5e92917
SHA3-384 hash: 0bf1cbafae50277ad7ddc84abc1cef7debbfdcf85a6d1065c7cdae60dfd50faa7e5b4ee7194aac5021a680fed4c2c3b5
SHA1 hash: 13f3f7d2883e074addb4601b4a556e2eeb857d17
MD5 hash: 62bd1b1063729bb378f6c091a4bbbd10
humanhash: football-potato-table-carolina
File name:62bd1b1063729bb378f6c091a4bbbd10.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 07:20:31 UTC
Last seen:2020-05-26 08:15:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b9bfa706e43847aa952de6a07e6612e1 (1 x GuLoader)
ssdeep 1536:zLQqRbuA7ClKAhH0wfPzVVqQj7ND/2Crf4v:zMqRbuA7ClKQZfLjqENb98v
Threatray 5'113 similar samples on MalwareBazaar
TLSH D9B3E56A75D48CB1DC790FB98871D5A10D3BFC160C014F23399E734D6AF77AA68E221A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://www.ftsay.xyz/turbo/doz.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5601/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43223589.31403.10965.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 01:36:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
590fde182a154cd89b15d88546d60351b9fecb51e04fbbf4affd8d49a618bd23
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
b1d9adc8ee80f24960fb84adbb029695e49763faecbf559f92410d44bf28b0d3
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
c5049b79f66303da5f8f91e527b7f182a765c54c075f134b1779fc5802ad6b1b
GuLoader
df34eee3a23ae66bb689bc1911e417cdaa7b51c353dc586bdb3280f86df09b55
GuLoader
e9f2f86fdb1d229abc6992957ae4148cd892884aee2a7e420ec7eb79c7e66062
GuLoader
+ 5'103 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-m59nmn7raa/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 5db7e6a9bc7b775eb44e02266ff814ef0cd77dab54afd5fb3398ae56a5e92917

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368666/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5601/

Comments