MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0a44650607ba722a1afaeda2b4cb8c56484a1c9e8bf72e51fe92a2e16d6dbcf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d0a44650607ba722a1afaeda2b4cb8c56484a1c9e8bf72e51fe92a2e16d6dbcf
SHA3-384 hash: 4cd91596465d3957fc64a1f6544529e426e49887bc21b0470f2f2bbd0157eaf8a8949248ebf9a31a7da58511f6b9931d
SHA1 hash: e954ef39185007e8fea7f63e693850375f7b9495
MD5 hash: f585470459d631aad8606dbc32c9a87a
humanhash: yankee-hydrogen-fix-chicken
File name:0003.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-05-05 10:43:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 03a5b27e870b4ca7fcbfc2de65221cb0 (1 x GuLoader)
ssdeep 768:s6uSp2/ZdwWvHuvVYUbCfV9/Jwhrtftur3Lk5VkWIy8yyXi8Ze:sA2/ZdzHuvV9bCfV9/Gftur7VWFUXiH
Threatray 255 similar samples on MalwareBazaar
TLSH 4083C410BDB4ED31D05875B1CB65F2AFD322AC3059B29A876D843A5E1F36A069E3025F
Reporter Racco42
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.44297.29685.29566.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Mbt
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 13:49:49 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2csemudapotsfinpv3ncwtfyyvsijioj5c7xfzi75evc4fww3phq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1218e6f611d06cbf81e8b72e9c1fab06d8d54c5a7b6ce49e4e26bf86ec1807b2
GuLoader
14ef1e3ac43b65b915bf15b136502e42fbc03555377bddf1bd4cd71928d2f1a4
GuLoader
205034fed0edd3c5d8069c63783b3cfdeba86816e6f1f5f6899add096d482bff
GuLoader
250051d6d9bd369c1b513ab41b5f9da87b04166af831d170dcab225aa0d86913
GuLoader
3095c533634e0d3773040c4599e05afe14ebac6e81bad0801b6ec72f78df9c3d
GuLoader
7030c2032fc9a3b15dc8720636f25403873ca65156611b7ccaa2928d716874b3
GuLoader
7b743eec66064abd181281fa1c0d614f856ee083d23348a10c9612765342ee67
GuLoader
a7517b0fbbd35dc4990c2a61b792264a9cbbd77fc62f0673063df3c6a2d581fd
GuLoader
cb26b474b4f7be86dc5bf39c595a93d1e3353bd25312d83249dc4e1097df2f3e
GuLoader
dabc62571ab7730cebaf8d46beb2765032674b43518f30fb228917570729add4
GuLoader
+ 245 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-wz2cp7mcwa/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe d0a44650607ba722a1afaeda2b4cb8c56484a1c9e8bf72e51fe92a2e16d6dbcf

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments