MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61bc9714c9d544e67950671f9bf407264caa04db3b82db8deb5ee40e73921e76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 61bc9714c9d544e67950671f9bf407264caa04db3b82db8deb5ee40e73921e76
SHA3-384 hash: 41dbd6aa8326a3844f86639131bb7eace1271149160e2c4cb8d5841a96bd50e215dec95609b319087c722d914310319e
SHA1 hash: 346fe7cbea777529f4bfea584577af986b4ae9a7
MD5 hash: 2d57f3fd9976ea4ded3fe5e698c49400
humanhash: timing-carbon-summer-summer
File name: Purchase Order______________pdf.bat
Signature: GuLoader
File size: 98'304 bytes
First seen: 2020-05-04 19:50:36 UTC
Last seen: 2020-05-04 20:43:00 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: fbdb9eb0e5e7f1936543dee87d17f35d (1 x GuLoader)
ssdeep: 768:FCXxzPP8+C6BMKaEgtVcWc9hLLWZbNkXaXjjamdkgd1axyNg7q8uwF2It3z/RNdo:ELE02KaEiex+rxgO8uwI4Z1xCx
Threatray: 47 similar samples on MalwareBazaar
TLSH: 31A3D856B394900BFB2559B25B68D7D44066FC39EC421A073AC0372E6A32D45FF923BB
Reporter: jarumlus
Tags: GuLoader
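The hashes above are the IOCs an analyst actually matches against. The following is an added example, not code from MalwareBazaar or from this entry: it recomputes the four listed digests for a file you hold, reports which of the entry's hashes it reproduces, and applies two sanity checks suggested by the entry itself, namely that a name ending in `pdf.bat` with a long run of underscores is a double-extension lure, and that a file typed as `Executable exe` should start with the PE `MZ` header regardless of its extension. The hash values and file size are copied from the entry; the extension lists, the padding regex and the sample bytes in `main` are constructed assumptions for the example.

```python
import hashlib
import re
from typing import Dict, List

# Hashes copied verbatim from this MalwareBazaar entry.
IOCS: Dict[str, str] = {
    "sha256": "61bc9714c9d544e67950671f9bf407264caa04db3b82db8deb5ee40e73921e76",
    "sha3_384": "41dbd6aa8326a3844f86639131bb7eace1271149160e2c4cb8d5841a96bd50e215dec95609b319087c722d914310319e",
    "sha1": "346fe7cbea777529f4bfea584577af986b4ae9a7",
    "md5": "2d57f3fd9976ea4ded3fe5e698c49400",
}
# Recorded file name and size from the entry.
ENTRY_FILE_NAME = "Purchase Order______________pdf.bat"
ENTRY_FILE_SIZE = 98304

# Assumed lists for the example: extensions that openly declare a PE image,
# script/executable extensions used in double-extension lures, and a pattern
# for a document-looking token padded with underscores or spaces.
PE_EXTENSIONS = (".exe", ".dll", ".scr", ".sys", ".cpl", ".ocx")
SCRIPT_EXTENSIONS = ("bat", "cmd", "exe", "scr", "com", "js", "vbs")
PADDED_DOC = re.compile(r"[ _]{3,}(?:pdf|doc|docx|xls|xlsx|txt)$")


def digests(data: bytes) -> Dict[str, str]:
    """Compute the four digests MalwareBazaar lists, using only the standard library."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def matching_iocs(data: bytes, iocs: Dict[str, str] = IOCS) -> List[str]:
    """Names of the listed hashes that these bytes reproduce (empty list = no match)."""
    computed = digests(data)
    return [name for name, expected in iocs.items()
            if computed.get(name) == expected.lower()]


def is_pe_image(data: bytes) -> bool:
    """A Windows PE file begins with the DOS 'MZ' stub header."""
    return data[:2] == b"MZ"


def deceptive_name(filename: str) -> bool:
    """True for the double-extension trick: '<name>_______pdf.bat' and the like."""
    stem, dot, ext = filename.lower().rpartition(".")
    return bool(dot) and ext in SCRIPT_EXTENSIONS and PADDED_DOC.search(stem) is not None


def triage(filename: str, data: bytes) -> Dict[str, object]:
    """Combine the checks into one record suitable for a log line or a ticket."""
    pe = is_pe_image(data)
    return {
        "ioc_hits": matching_iocs(data),
        "size_matches_entry": len(data) == ENTRY_FILE_SIZE,
        "pe_image": pe,
        "extension_hides_pe": pe and not filename.lower().endswith(PE_EXTENSIONS),
        "deceptive_name": deceptive_name(filename),
    }


def main() -> None:
    # Constructed stand-in bytes (a bare MZ header), not the real sample.
    fake_sample = b"MZ" + b"\x00" * 62
    print(triage(ENTRY_FILE_NAME, fake_sample))


if __name__ == "__main__":
    main()
```

To check a real download, read the file in binary mode and pass its bytes to `triage`; a match on `sha256` alone is authoritative, and the other three digests only confirm the listing is consistent. The fuzzy and import hashes the entry also shows (ssdeep, TLSH, imphash) need third-party libraries and are deliberately left out here.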

Intelligence


File Origin
# of uploads: 2
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Frs
Status: Malicious
First seen: 2020-05-05 01:08:56 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Checks QEMU agent state file
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments