MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b322d3c3a5bd842ae2563f5eb2ae4cf7957132311ccf051d7bfeb4601866a33. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9b322d3c3a5bd842ae2563f5eb2ae4cf7957132311ccf051d7bfeb4601866a33
SHA3-384 hash: baee02fed3f912b34c7d8b67250dbfb7aebdfb6fa482faca9ea0a1a654cf81c5040e230764d0a748e02b95f074997379
SHA1 hash: a790ffc436b91ca66d1efa7d5840ad19ebbd3e86
MD5 hash: 62180cb03ea671d98f58073efd6a4618
humanhash: fifteen-winter-illinois-bulldog
File name:9b322d3c3a5bd842ae2563f5eb2ae4cf7957132311ccf051d7bfeb4601866a33
Download: download sample
Signature GuLoader
Create hunting rule
File size:364'036 bytes
First seen:2020-06-03 08:23:07 UTC
Last seen:2020-06-03 09:25:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 173abfa8f7d7adac2a90a2e42625b7d9 (6 x GuLoader, 2 x Simda)
ssdeep 6144:93EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9Ei6:SmWhND9yJz+b1FcMLmp2ATTSsd6
Threatray 30 similar samples on MalwareBazaar
TLSH C6748E21F1C0807AE4F5157096FF7A5B246CA9B6472838D7E7986EC928741F27A3C2C7
Reporter raashidbhatt
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-6323528-0
Create hunting rule

Win.Trojan.7348569-1
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Shiz
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 11:08:29 UTC
AV detection:
30 of 31 (96.77%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
071c9ef8d382452d6bcaa4a46eeb4a0e71562097201d228caf15229fd2b68ac9
GuLoader
2ed58cba6fbba892cde349ea6759ddbe197bcc1adf9c55801b30ccd3d28ec55f
GuLoader
347ec9d5455536ace4c650476001fb0511d5ea5f734a951b523ade3001472dd4
GuLoader
48b9908bc98ae2903ee34167224b402fe5eb3a6c9b853ab17e728de52e2639a0
GuLoader
68e7c82cc5535b87b0e1310f9a054432944b6efa0471e2b03101554bdf7decc2
GuLoader
7b673f65dfb02aea2b7fe950c749c17a953d2b9514aa78c663aac6c002b6bf6b
GuLoader
a823a4702ff08fa0b0b70a2f781fe36db904ec2d975f58a5f9d44e85f4b85740
GuLoader
dadd0d7d480d15bb718d82ff012ace97f16fb4a2a6862dc5ad04e9b2b95380cc
GuLoader
e162d29d0ba895e3ea7d75000c41c843225c7d29147b323ed9a72f4de3c1f6f0
GuLoader
fde7c52c166cd76fea454bbb539e7eba9ce704f5b442534bf5c4163213215426
GuLoader
+ 20 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-5ttw3edd4j/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Modifies WinLogon
Loads dropped DLL
Executes dropped EXE
Modifies WinLogon for persistence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments