MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fa3607af6cb9101d40fd17880c344ffd219bc64511c6a93e743033afea0a1ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader

Vendor detections: 4


SHA256 hash: 0fa3607af6cb9101d40fd17880c344ffd219bc64511c6a93e743033afea0a1ee
SHA3-384 hash: 0b4e69682bf33d5971ba7ae102287c86c292beb850776ac6e7f7b236830c452f1c8830b0c864d53441c0bf086079aa20
SHA1 hash: 4d1a4136a10ea2e404478692efed1affe3ad1459
MD5 hash: 8fd963c9e3e2add48f98aacf5a95a747
humanhash: bulldog-mike-oregon-mirror
File name: dnap.jpeg
Signature: GuLoader
File size: 98'304 bytes
First seen: 2020-05-21 05:56:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1bff5ed2892b203a6ca53da7ddf46371 (1 x GuLoader)
ssdeep: 768:2Mwfo0DXBj8dqFNvSBLswoXm9SHKWAngDEf29rqrQW6BFGk:Co0DXBM21JXm9SHKtnNlaB3
Threatray: 870 similar samples on MalwareBazaar
TLSH: 6DA3FA22F8509EB2DD788BFD3E789558526BAC330D12D90774CE3B5C16F358694A2B0B
Reporter: cocaman
Tags: GuLoader jpeg

Intelligence


File Origin
# of uploads: 1
# of downloads: 136
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 06:27:30 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments