MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8078d1175f3c3823d239e1d593258f2ff22f1ddffd388e20b1886893b9ec19b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8078d1175f3c3823d239e1d593258f2ff22f1ddffd388e20b1886893b9ec19b5
SHA3-384 hash: ac950a1de8ad97055c664cc39a6d457a0d383ff0d3800f51fdb4643e4bf298a400ad87c765eac7c95aaf1a52a2c66125
SHA1 hash: 0dc5a9a91548158fc112d1c38246d4b1db5259d3
MD5 hash: fb5675b8f4b25b0aea0a30d337013647
humanhash: fish-sixteen-lactose-eight
File name:fb5675b8f4b25b0aea0a30d337013647.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-21 15:32:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 65fa938ea263824b030fe9107224a242 (1 x GuLoader)
ssdeep 768:vVBfuPe2otRKzrb+IARZ27NuICz1lBf054rylm+/UqpzFZS3BgijMA2bIOhdR2o/:dEPm/omKupBf054rGmwBZSrMjV0U
Threatray 114 similar samples on MalwareBazaar
TLSH DDA3293179D49C61CA048DF21D699B29106FEC753A134B07B0DA7B6E2937B82E62139F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1O9d_YHYKdiUkukGNZca6cJVixgZuo1YP

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 11:35:27 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
28e5fa8a71a61c9a963340efa4179b8e1e966eca430c77f86c5795a28b66162a
GuLoader
4193084a6eba68bbb6aef41ffc1f21685208c6b942de9e5853b70b04834c296e
GuLoader
72895b913903c544f9105b4fd01c031a973b09f6b9bb0754a3e8b957863d9f20
GuLoader
767d213b2083d5ba0cfb4e4d281fcce7d2233345ec7932e2d89cf303fd51b10e
GuLoader
8a6b4a9aa425ad3d577b2b06d4acc73ba92d0878b4edd160872f130b60bf41cc
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c58732917ab8e8ecd264f23145c68acd6b00c7168f063a96bb548ed2e41b39bb
GuLoader
d022613003b09d53a5004b7180d6d5bcfad0a1b1efefd3d7e6f69ca63204f483
GuLoader
d7f94abc222e9d72d3878ee97d3c257878e724bdb83e0ea9e92fc202d992be41
GuLoader
eca13de65c0bea59c87ad6d8fd0d4d7083badd47dd919b5d407b77298ee36a85
GuLoader
+ 104 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-b11dv33dln/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 8078d1175f3c3823d239e1d593258f2ff22f1ddffd388e20b1886893b9ec19b5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366256/
  
Delivery method
Distributed via e-mail attachment

Comments