MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09c2faff5c8dca326f277e50c4102a11f3a1a6e7fdc1c10c7a9a9c1920931a7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 09c2faff5c8dca326f277e50c4102a11f3a1a6e7fdc1c10c7a9a9c1920931a7c
SHA3-384 hash: 9237c3e75e8a1f6347db1e9b37a553780040e6cf575a880be0cbefb9c85d90565ccce2e9f8f2585ca19f8e1336032aec
SHA1 hash: 32125fc9ee35bb1436be693eb8ceaf6d40d9a03b
MD5 hash: 997bb63b97307222c1d24695af5ad6b4
humanhash: uniform-michigan-twelve-pizza
File name: 997bb63b97307222c1d24695af5ad6b4.exe
Signature: GuLoader
File size: 61'440 bytes
First seen: 2020-06-02 11:01:23 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6b2a9b9b558d5f9184a81e50a2597d49 (1 x GuLoader)
ssdeep: 768:pBXuhZ+9FaKkESESoMS4YyEv2JgqB1GyKmAG34hpKBKON0AR:b+/ESESoX3+JpB1G5nGKn
Threatray: 1'162 similar samples on MalwareBazaar
TLSH: 14534B2B7D0CD023E21546B11599A9B5BB327C125813AF8BBA486F25EC336C77DF121E
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1N4sko5TRnjIjSJln614jBQ4k7EK2G-yR

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-05-31 04:57:58 UTC
File Type: PE (Exe)
Extracted files: 4
AV detection: 28 of 48 (58.33%)
Threat level: 2/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
