MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb199d304cdc30761b11d28c71fec48596ab117ca094f1f5ad6362da890453ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb199d304cdc30761b11d28c71fec48596ab117ca094f1f5ad6362da890453ad
SHA3-384 hash: 862572444202a8f61269e3b475774c9685ebf2794b24a5237ba9a50dbeaf2f2ed3160d248dbc6431916543438575d49c
SHA1 hash: e8589a860f64a7c32617e5078c0ecfed447137de
MD5 hash: 4eab5c9165e65227d828bd1bf031e3a8
humanhash: tango-nevada-hydrogen-angel
File name:4eab5c9165e65227d828bd1bf031e3a8.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-21 19:27:54 UTC
Last seen:2020-05-21 20:45:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b2616d9401d111bed358005b1791ebc5 (1 x GuLoader)
ssdeep 768:NPI2Gd68c2sGzTGKuwz44YraocW3g5PivcqlX9z/Pwgyz/PUF9dCB2jW+h/t:G218cBOufrao93QUb9z/WLPubZ7
Threatray 447 similar samples on MalwareBazaar
TLSH FEA33B21BAB0AC25DB84CAF11A564BB8127FBD7518520F0FA4C77B6D54F2A83F522347
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://onedrive.live.com/download?cid=554BBD19BDD72613&resid=554BBD19BDD72613%21156&authkey=AGIuaWEkkBxB_4o

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4497/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.48179.7145.32410.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 19:05:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1a3223bf578249a17b6d1f8ee0ed8a5fd49690621f3ea63d0380db03f2c31e50
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
270b7f2dfa665133fe2d57069e4654b4065d5d919e4b881ab28ec215273bf767
GuLoader
4efb9c06d7fbfe766220885b9f1320589cf9ae96a900a935e2d1ef3cfa971a3d
GuLoader
6fd66c1d011fe7b8658211ad8990d9b06d23722a50c407675112ffb879043fa5
GuLoader
7a760430295f2983742510a35642ce550c0bf4f8f9632f027bbb11de037126b1
GuLoader
8078d1175f3c3823d239e1d593258f2ff22f1ddffd388e20b1886893b9ec19b5
GuLoader
85d879be258470ed22d55bb6fda8be5d0b7d480c23d95b252516e85ccad2fec4
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
+ 437 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4khes9yw8e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
URLhaus
https://urlhaus.abuse.ch/url/366312/
Cape
Cape
https://www.capesandbox.com/analysis/4497/

Comments