MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f916b2daa9c47caa84bdab905de961a60ebb0f4fbcb3b3311eb429b7dcbaed8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: f916b2daa9c47caa84bdab905de961a60ebb0f4fbcb3b3311eb429b7dcbaed8a
SHA3-384 hash: 54e230a5c4c39ca847d50e91d9b5ba0ab8c84eebc5183182b74c77b4b5444e78411bf47403af6896173ea9f8cf588f4b
SHA1 hash: 1dfbddf5bd11c4233d652cc36ccc7dbc512fce07
MD5 hash: ae772d1b310b57b46e09b88dade53166
humanhash: eighteen-kilo-leopard-double
File name: ae772d1b310b57b46e09b88dade53166.exe
Signature: GuLoader
File size: 102'400 bytes
First seen: 2020-05-23 11:49:34 UTC
Last seen: 2020-05-23 13:13:13 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9dd4bcbfb40fc2e285a1f6c3c53d11cf (1 x GuLoader)
ssdeep: 1536:ntayBrI7d743jZRWrBZT66naTu1oxieT:ntdrIh78dRs067+
Threatray: 5'179 similar samples on MalwareBazaar
TLSH: 9BA33971F5E0ED53CA1842BD6D748BA81A4BBC788991C70FB4C9372C59F3980E666363
Reporter: abuse_ch
Tags: exe GuLoader


Comment by abuse_ch:
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1NK04HFUL5gbmrMCds7cdKWIq2Dzuw5Yx

Intelligence

File Origin
# of uploads: 2
# of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-20 03:00:37 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 19 of 30 (63.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
- Suspicious use of SetWindowsHookEx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments