MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 250051d6d9bd369c1b513ab41b5f9da87b04166af831d170dcab225aa0d86913. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 250051d6d9bd369c1b513ab41b5f9da87b04166af831d170dcab225aa0d86913
SHA3-384 hash: 71adbf93f34a5f26028df48f88d7d0e86122290fcc8c37cba063730499f4c1125da62d28c7802886cca003ace255bf0c
SHA1 hash: 106cdbab26891c5e452187b3cbadafc46081abcd
MD5 hash: 5c7b175c8ded586c19118c3975343241
humanhash: juliet-quebec-johnny-august
File name:SecuriteInfo.com.Trojan.GenericKD.33783552.23466.7024
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-05-20 17:04:25 UTC
Last seen:2020-05-20 17:45:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a3a3c7b8b38a49fb4c8e358cca1648fd (1 x GuLoader)
ssdeep 768:wnJWdhWXODY79bPBK08EHa8rt6viRMSJBpxp5CHUiGbf6Gp6gdsEUggZm:OuhWXwa8VtviRMIiGb16gdz7
Threatray 1'487 similar samples on MalwareBazaar
TLSH 8883B306BEB4EC32D444B9B1DF66F66FC766AC300931890B69443A5E1F36A078D7426F
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4610/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33783552.23466.7024.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 17:31:44 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=euafdvwzxu3jyg2rhk2bwx45vb5qiftk7ay5c4g4vmrfvigynejq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2b911df18337cc69e42d8c16ab58856af2722c7618146a491c9efe54aa73fdbe
GuLoader
2ba5b16b9ce46066c1122bad1fc5feb3de0743451c6603b98e3d0ffe6f9cc019
GuLoader
7c9eba57cb8262a908dc10929cf38b8e4e0af9f5a3f69bdf226b151761580e91
GuLoader
95a4cf409c7e7813bfa744598bee2e0e572b2d05ec31622867237ea6dab8a813
GuLoader
9b28aa737bbfec90341c6a42e2d44f3308659e4fb9dd42d98a0b46cde7aaed63
GuLoader
a0023ed551a57c336b69dcf494bbf83549ef8ce570fcb273333cf1abbc2863cc
GuLoader
c9b99232e093a959beaecf8d48616b40716fa2b9b6eaf25fed234dfe28e8f2fe
GuLoader
e237d6e3b44c0bcacf4eff59f58c8028a48c0675f283adc96490ae6daf645bd7
GuLoader
ee4a192729f039c2b5829259f58443b9f6564f2d4973e315cc9437bfd166f536
GuLoader
f91f135e5aecd2e2e8d81ac771475de147b858c1807bde08e47cdf68f545d8da
GuLoader
+ 1'477 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-qh6ctftb22/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 250051d6d9bd369c1b513ab41b5f9da87b04166af831d170dcab225aa0d86913

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365319/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/4610/

Comments