MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11ee988764e0e77d4f2eb76229e59a1a8239b84ac1abf2ce8bf729c985531e72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: 11ee988764e0e77d4f2eb76229e59a1a8239b84ac1abf2ce8bf729c985531e72
SHA3-384 hash: d4ae0d8a2607e62e58737d48ba4035c2b56f0595c663e3e77648d7cecff25182498237201246b6af64883f59088062fe
SHA1 hash: d2535a2edc3b13bb4c6d1ec5374de0d67b030e07
MD5 hash: e6575265c2c98d8fdb405af4e7eb849a
humanhash: zebra-wisconsin-carbon-chicken
File name: e6575265c2c98d8fdb405af4e7eb849a.exe
Signature: GuLoader
File size: 122'880 bytes
First seen: 2020-05-26 11:20:24 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8487fa2f1520e9fb105e93ee13eabf7f (1 x GuLoader)
ssdeep: 1536:dVlnN1onQwARL1z6ca8drjS/LNIWsc0YtDZmX8DSNN5518lwX0YbF:dfnNQARLe8M/2uJG35vkYh
Threatray: 209 similar samples on MalwareBazaar
TLSH: 61C31827B0C41DA1E8684FF15CA39AE72B16BC3066214F2B7646F70E67761D26DF4306
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
GuLoader payload URL:
http://ratamodu.ga/~zadmin/iclient/pm_ATzNf107.bin

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-26 04:32:27 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 22 of 31 (70.97%)
Threat level: 2/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: GuLoader
File type: Executable exe
SHA256 hash: 11ee988764e0e77d4f2eb76229e59a1a8239b84ac1abf2ce8bf729c985531e72 (this sample)

Delivery method: Distributed via web download

Comments



CAPE Sandbox commented on 2020-05-27 10:10:58 UTC

#Pony

https://capesandbox.com/analysis/4958/