MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c210625165f0448f38cf697f157e7ee48ca4acd84d125b41037b308e9f31aba4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: c210625165f0448f38cf697f157e7ee48ca4acd84d125b41037b308e9f31aba4
SHA3-384 hash: 137e7b9a6e6af7f3719ecdeb2c3e159b42e0067f9ac6260bf07f0fcd48011c503b64c023a1993061a0c85c331f23621a
SHA1 hash: c0e4cfc0e182b46a55c1d4fc0df6f96f47f5e3ac
MD5 hash: b5b743893d694cf01dc7ed5adaff9b4e
humanhash: salami-bacon-bluebird-island
File name: z.jpeg
Signature: GuLoader
File size: 98'304 bytes
First seen: 2020-05-21 05:57:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 69cdd03516d377685372342ee9349cc3 (1 x GuLoader)
ssdeep: 768:cX16XJv37EkzmybtP3ZLX9AANfWxVl+Xd4a9SFrSbVqGSmHh:7Zj5zftRaANfCVlid44xKmB
Threatray: 33 similar samples on MalwareBazaar
TLSH: 24A30932FD60EE69C85489FE0E638624552FED700991EA0BF4CB375E15F76C1A0A178B
Reporter: cocaman
Tags: GuLoader jpeg

Intelligence


File Origin
# of uploads: 1
# of downloads: 171
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 06:27:30 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 30 (80.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments