MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4c38303fd0ec6723132e2bc5017904720211a5e660d4e8a722707c7d4214586. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b4c38303fd0ec6723132e2bc5017904720211a5e660d4e8a722707c7d4214586
SHA3-384 hash: 722507a297d40c3ea981b736e3da14cc3728e445ce259dc3cef840010344428dad1acc5522c3313e68c9e5f84f5c964c
SHA1 hash: e7e10ede3104f10de4372c81e713d7e9590d69b2
MD5 hash: 4875dca9b663eb2f8c065076e524b011
humanhash: pizza-sodium-vegan-oklahoma
File name:4875dca9b663eb2f8c065076e524b011.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:35:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4b36c3bf536fd61b0e3f56aed53d2717 (1 x GuLoader)
ssdeep 768:i0ARyDxPxXmZQ2p61kJOBSRfqxe8M+jbzrDIS0bpV+aOOq9u6:TcyDxPMZQr1iOBSpkeflbq9v
Threatray 985 similar samples on MalwareBazaar
TLSH 6DA30821F068EC62C64485FE6F655A5851EFED380813CA077AC77B5D33F7A82A91234B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://45.132.241.148/tt/luk_fwiDG173.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Fareitvb-7861078-0
Create hunting rule

Win.Packed.Fareitvb-7861332-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 08:21:00 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wtbyga75b3dhemjs4k6faf4qi4qccgs6mygu5ctse4d4pvbbiwda._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1cd0666b758f28d4d3a402dc10f1b185f5a1fbbe7f74cfceea475e72a5bbecb0
GuLoader
59825608710179356a6809648f78199bce58922841920895d441db2ab64e2da7
GuLoader
610ab1c6d1d8f59195b85cc6bfb496adb9e6ce8d2f4e6764b84eae8bb5ae2cc9
GuLoader
712b5489228115a95c7718684ee0c1f80a352da3872fbfcbf74000c5306ba664
GuLoader
831ba6efa4a49eb1c7ff749fe442b393c5a614f383bf1efb52512a183b4362fc
GuLoader
8e0a0197eadbdfea56a208c154e22edbd19dd23e429a75a93d5cd05560ce7ff6
GuLoader
b65a42512465c82d804bdb56b5e1e633afa4571a20dc68d311ecad4a8fc3654d
GuLoader
c21e141ac2bf8379284f20873d9a401fcde6ed367a200fdd7df782e67142ac24
GuLoader
d28f7e29c76ea32e8a690122a4d729408136d83a70ac491231b7458c740c86a5
GuLoader
fdfc7684865596ff802669590f077277385119144e11e6a1827910c39b0d5731
GuLoader
+ 975 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-7qhw8k14fe/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
URLhaus
https://urlhaus.abuse.ch/url/365826/

Comments