MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8780cfbde0db4996b68e320d9d2576f39a2d7f99a8ed60ba0c4e543f17801bd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 8780cfbde0db4996b68e320d9d2576f39a2d7f99a8ed60ba0c4e543f17801bd9
SHA3-384 hash: 7d1e8365d412f333a1ae5b0a98599b9f9e8355e454aae917c700c5bb5cf06bc2613bb5858cba0333f8203e6746c844ef
SHA1 hash: 2d902fd498ae116c8f95c0b8687f76fe1ef9d764
MD5 hash: 62d37a47a3219fb0680c83e3619ba931
humanhash: monkey-edward-solar-london
File name: SecuriteInfo.com.Win32.GenKryptik.EILH.31727
Signature: GuLoader
File size: 98'304 bytes
First seen: 2020-05-04 08:01:25 UTC
Last seen: 2020-05-04 14:57:17 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 45c14ae3a21b60a3621d6bb2f97c6e9b (1 x GuLoader)
ssdeep: 768:239xHdXzeiqHReE8rGOy/T6IbNZqEC/AxMPTaaYkgatD3Fz/oIkKQp9BhH0aWoP4:k9XiXHReYe9XvgIkNp9z0c1RsF3h
Threatray: 525 similar samples on MalwareBazaar
TLSH: 9AA3D752B7D0900AFA2459F91FB8D3E50066BD399C515A037AC0332F7A32E46FA9177B
Reporter: SecuriteInfoCom
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-04 07:48:37 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 30 (76.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
GuLoader
Executable exe 8780cfbde0db4996b68e320d9d2576f39a2d7f99a8ed60ba0c4e543f17801bd9 (this sample)

Delivery method: Distributed via web download

Comments