MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
SHA3-384 hash: 7f82eb1a0db01906e833860e250ae4dc64dbec12ec630a092a9a7277ab9758dbd83410f64be42de431d8f8da398a48f2
SHA1 hash: 7c2a43152fdb945b0f97535e91aef48e756b7eb4
MD5 hash: 095e9c2e082841021fff0c46c397f857
humanhash: berlin-jersey-indigo-stream
File name:095e9c2e082841021fff0c46c397f857.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:151'552 bytes
First seen:2020-05-28 07:00:40 UTC
Last seen:2020-05-28 08:22:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4b0b9166e631521a7fd8126d54c6a81a (1 x GuLoader)
ssdeep 1536:l1+ADW+11LHuMIiPbfZofcRkieIWhQ6fNK+8j:LnDW+11LH2ybfAcRIIw1f4f
Threatray 1'133 similar samples on MalwareBazaar
TLSH 60E37502BDE5AC7DC58A3AF1589569972A066C00BF0027EF21C5FB7D723A4E17C71B1A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1IIiWEaR3KDpbcJ2-komF0Yrcol8ApZHk

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Vidar
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5789/
Detection(s):
SecuriteInfo.com.Heur.PonyStealer.jm0@FK6mLRci.12196.26101.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 22:07:39 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
0c724e4704276e151507e1379011952245432e05f09bf3945254baf80e04eedb
GuLoader
15145ed8e5ae3cf2acf9ad25bbcb3f782c4d8ba9674185d06baa66ae6d17f25a
GuLoader
286c2eb8755215619d8cb48cc884091251729d5925b74444fe3b62c2c1a5acb5
GuLoader
308c96557c6be5d4519ba4bac38c23e611c7b61683cfc1063a6009e216c24f5e
GuLoader
33b70dd4266c366a2d80bfacb2b1aafdafc74019b0e8a6aa480bd909e73f3a6e
GuLoader
4100f196d5289b085ea167afbec9aadbb5105bf46e48b5402f583db123878f96
GuLoader
662df407f177b9d63dc16fe5c1068d65c8e1fbe602d05a7cae1db651179b746e
GuLoader
69fe5bb4b975f9437b6c3bcf3f07dc807a8f2e848f1e0c5802012295b06a742c
GuLoader
7a7f8f5b41981d22a64654a713d5dfdfbe6cb5e0778364a594fbaee25efc5425
GuLoader
d725785ec3970b75ecb17a7e5ac14d93ce7a54d259dffc74e8222ed8cfb8b6b3
GuLoader
+ 1'123 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-bw6wymx3a6/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370086/
  
URLhaus
https://urlhaus.abuse.ch/url/265919/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/5789/

Comments