MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f573cf3eed6dc5635fd82f657a0912c151e2762188e71d161bf173bd40abaa3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4



SHA256 hash: f573cf3eed6dc5635fd82f657a0912c151e2762188e71d161bf173bd40abaa3d
SHA3-384 hash: c8812ab0541ca4ccf6f9adf0cc1aab5d70fb6fe4a23c1f3ec3c2f392cf39a20236e773b30383b3446f45ed7edc9439b7
SHA1 hash: bc23c59b51ec6811846c0841744d25b1c7f38041
MD5 hash: 16356e43c48a4bfd566088cfacb47e48
humanhash: fruit-july-magnesium-hamper
File name: Payment Receipt.exe
Signature: GuLoader
File size: 98,304 bytes
First seen: 2020-05-04 04:23:41 UTC
Last seen: 2020-05-04 04:39:09 UTC
File type: Executable (exe)
MIME type: application/x-dosexec
imphash: 7857d6307bd0435f03563ec228489551 (1 x GuLoader)
ssdeep: 768:0WADeQCPGd6wuGXaXjjamdkgaFDQtxFhlwHVG3kYl6kwF9RZfEMXdLA2lE:WeQ9dbROtzh2H3Q6RGsE
Threatray: 253 similar samples on MalwareBazaar
TLSH: 69A3EA52B7D5A40BFA7959B22F64D2E40462BC369C561B073EC1332E7A32D05FA1237B
Reporter: jarumlus
Tags: GuLoader
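The check a practitioner runs on the downloaded sample before handing it to a sandbox is to recompute the hashes and size and compare them against the record above, so that a corrupted or mislabelled file is caught early. The following is an added example, not code from MalwareBazaar: it recomputes the stdlib digests (MD5, SHA1, SHA256, SHA3-384) and the byte size, and also checks that the file carries the MZ/PE headers expected of an "Executable exe". The imphash, ssdeep and TLSH values need third-party packages (pefile, ssdeep, py-tlsh) and are deliberately not recomputed here; `build_minimal_pe_stub` is a constructed stand-in header used only to exercise the code offline.

```python
"""Verify a downloaded sample against the hashes published in a MalwareBazaar entry.

Added example (not MalwareBazaar code). EXPECTED is copied from the entry above.
imphash / ssdeep / TLSH are not recomputed: they need pefile, ssdeep and py-tlsh.
"""
import hashlib
import struct
import sys

# Values copied from the MalwareBazaar entry for this sample.
EXPECTED = {
    "size": 98304,
    "md5": "16356e43c48a4bfd566088cfacb47e48",
    "sha1": "bc23c59b51ec6811846c0841744d25b1c7f38041",
    "sha256": "f573cf3eed6dc5635fd82f657a0912c151e2762188e71d161bf173bd40abaa3d",
    "sha3_384": "c8812ab0541ca4ccf6f9adf0cc1aab5d70fb6fe4a23c1f3ec3c2f392cf39a20236e773b30383b3446f45ed7edc9439b7",
}


def compute_hashes(data: bytes) -> dict:
    """Return the byte size and the four stdlib digests, keyed like EXPECTED."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def verify_sample(data: bytes, expected: dict = EXPECTED) -> dict:
    """Compare every field in `expected`; returns {field: matched}.

    Hex digests are compared case-insensitively because different tools
    print them in different cases; any field missing from the computed
    set is reported as a mismatch rather than raising.
    """
    actual = compute_hashes(data)
    result = {}
    for key, want in expected.items():
        got = actual.get(key)
        if isinstance(want, str) and isinstance(got, str):
            result[key] = got.lower() == want.lower()
        else:
            result[key] = got == want
    return result


def is_expected_sample(data: bytes, expected: dict = EXPECTED) -> bool:
    """True only if size and every digest match the record."""
    return all(verify_sample(data, expected).values())


def looks_like_pe(data: bytes) -> bool:
    """Cheap structural check for a PE file: 'MZ' DOS header, e_lfanew at
    offset 0x3C pointing at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def build_minimal_pe_stub() -> bytes:
    """Constructed test input: a bare MZ header whose e_lfanew points to a
    PE signature at offset 0x40. Not a real executable."""
    header = bytearray(b"MZ" + b"\0" * (0x3C - 2))
    header += struct.pack("<I", 0x40)
    header += b"PE\0\0"
    return bytes(header)


if __name__ == "__main__":
    # Usage: python verify_sample.py <extracted sample path>
    with open(sys.argv[1], "rb") as f:
        blob = f.read()
    print(f"pe_header {'OK' if looks_like_pe(blob) else 'NOT PE'}")
    for field, ok in verify_sample(blob).items():
        print(f"{field:9} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if is_expected_sample(blob) else 1)
```

Run it against the file extracted from the MalwareBazaar download (the sample itself, not the archive it ships in); a non-zero exit means at least one field disagrees with the record and the file should not be trusted as the sample this entry describes.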

Intelligence


File Origin
# of uploads: 2
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-05-03 23:30:41 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 31 (80.65%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.