MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8255284fa792c767fd2464364f12f297fa92a38383d2303d7cf9dcb8b74bdfa5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 5



SHA256 hash: 8255284fa792c767fd2464364f12f297fa92a38383d2303d7cf9dcb8b74bdfa5
SHA3-384 hash: f8dbd7713e653133014b634011a0dd0edb44d7f83395a54debbd7ab2f1899f4a559ac253eaae131727101125f6f610a8
SHA1 hash: 8e6636ba9f17cedb76a19ea1bd4f9d458ee2905b
MD5 hash: 0620deb45649cfd2a70a1acde88ecf2e
humanhash: charlie-princess-berlin-island
File name: SecuriteInfo.com.Variant.Razy.676062.17475.3026
Signature: GuLoader
File size: 77'824 bytes
First seen: 2020-06-02 09:34:24 UTC
Last seen: 2020-06-02 12:59:45 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 55640a1d7b667282721b9291069574ba (1 x GuLoader)
ssdeep: 768:R/3Xu7HBjCPpdFy47zVFJxQXFl2TEvfgCThbZUpJxn8:d3+7gxdFyuznrQGTqhb6pr8
Threatray: 6'083 similar samples on MalwareBazaar
TLSH: 88731B19BE468134FA4646751599C163BF29BC325402DF1FB2406E5BA835A87FCF133B
Reporter: SecuriteInfoCom
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-02 04:10:57 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 31 (74.19%)
Threat level: 2/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 8255284fa792c767fd2464364f12f297fa92a38383d2303d7cf9dcb8b74bdfa5 (this sample)

Delivery method: Distributed via web download
