MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c69b80c225b95161ab357d6a35bf54846167a38bea69de84371c283ffcd0a8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c69b80c225b95161ab357d6a35bf54846167a38bea69de84371c283ffcd0a8c
SHA3-384 hash: d83c1879bb9fbf4554712615a3e1d8a331189120f0a160c7cdfade19db5bda3d3f37ac521ad1b819e86de065fc94954f
SHA1 hash: 91543d33627fb31bff22e2815ef72981340561f8
MD5 hash: caf915b8b4843af42dd3444b37d7b499
humanhash: comet-july-magazine-sink
File name:caf915b8b4843af42dd3444b37d7b499.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-06-09 06:43:29 UTC
Last seen:2020-06-09 13:28:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 477a687fd2adda1f8c37d806626d242d (1 x GuLoader)
ssdeep 1536:QuRtSdNCDKPnjZriaqLBcSX1CfrtNp9A/Z3CBa:dQoKPncBoK5CB
Threatray 1'419 similar samples on MalwareBazaar
TLSH 4D837D177E68D512E00106743CF39B642BB6BC196C41AF4FA285BE5FE871B427CB622D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://103.114.105.111/bb/xb_TpPXM191.bin
http://outttloas.duckdns.org/allbackup/ccv.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7266/
Gathering data
Threat name:
Win32.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 03:04:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bru3qdbclokrmgvtk7lkgw7vjbdbm6ryx2tj32cdohbih76nbkga._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2ffbb987622b48ac9e1b3a53291f9af5a3949ba14019d43756a8219f66af0a86
GuLoader
494d5e5f87c9552bce9a4c255ab358cabb144982fca06703255e0ec791626865
GuLoader
604cdf637c64c8862b506caa60d1a66b02f97127dc265c6943cadd126fc32f14
GuLoader
79afc9b39ba7fe7dd6ed282d39eb915bb47271d552177f62c6606b99901f9cd2
GuLoader
7dc9d4200ada4d75e50d7c4ed86eef952334e4bb69da0464122682e7aff8d971
GuLoader
869df63edd9b9c96960da5d8022b1194c9f16b4a1f0b9ebfc7860e1aa2fe41a2
GuLoader
996d663495ef1d96ee9fca68c07a4173910824b4956214edd0af1c53501608d7
GuLoader
d7162b14867eff2ee6b1c0506f91c4e8c1a1cea0ddae632bd49156a179549772
GuLoader
de5da2008e231c60a227d6700248953651e0242542f07027e400760283b91d42
GuLoader
fc69637262c3ccd722552ece430c078195f3999934cccabdb2fcf0a6e2fe9446
GuLoader
+ 1'409 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-2ssle9nsax/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
URLhaus
https://urlhaus.abuse.ch/url/384287/
Cape
Cape
https://www.capesandbox.com/analysis/7266/

Comments