MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c80924676beb57ffb753a576380eed1ec48e265a7843a52b08664463d890b61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c80924676beb57ffb753a576380eed1ec48e265a7843a52b08664463d890b61
SHA3-384 hash: f8404234b84fe15889a7d5f909b45d9cb364766ba38974d3ef120e6a9781d2bcfcda16cdac51e2fbe1e65501b1c60309
SHA1 hash: 0af6c6be848e1801061887492acdff20ac2ac0f5
MD5 hash: b68e2a73ad3a859a3fc35b538d88d82f
humanhash: lion-enemy-item-skylark
File name:Swift Copy.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:49'152 bytes
First seen:2020-05-29 06:09:50 UTC
Last seen:2020-05-29 07:33:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a64889d3870679da3019a4b5f0f5e3b9 (1 x GuLoader)
ssdeep 768:HCRjdQLWoxjYuwl2kEb1H2g+R/aRuLo6qf3bbrZz+jNU/:i/wxxkN2p1rm/aR5fb5zsU/
Threatray 805 similar samples on MalwareBazaar
TLSH C5233A27AE5C0412F57D87B139679DA339366DAB05119E3F5B8889982C30A437DF231F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
5
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5885/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.47650.13131.2729.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vbinject
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 22:39:59 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15187de4f29194c60f3f199549c345592e967ee8ecf9a39b0a40c1796fdb222c
GuLoader
4a21cad0d588267ebde8f8112e9d85bf355c77434beda6436cd9403a0a787c0d
GuLoader
6b264d7bac7b64c40d89c0e35016ce95f78a90f4f098fc3c1116217c98fe544a
GuLoader
777d646e09cf725986f3617d40d5bca943d077015759e346e3e8f5314cac13ce
GuLoader
accddeb954844341b87c006344f21c50757cd228d2f071d39e8707209b1a49f9
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
cbe345880baebbc56c019721184c56577bccf0b66091b09f90163646f0bc7af7
GuLoader
d7083f1007834bbc16f0b6d2ee0e1e2b9e79a04af2a2e21f2d2682c9dff939eb
GuLoader
eefab144fefdb2883084329ab3755717ed6882b348eea18aa611a0a446c39f69
GuLoader
f199ddc51e67123423b6d58ce8cb90b7ac939fec447fedf647650f09497d1c46
GuLoader
+ 795 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-35qq4e53bj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace d76097807b26d4515e0ee19c3b75e2a609f4288a41d7f7081adf4f572dc155c6

GuLoader

Executable exe 2c80924676beb57ffb753a576380eed1ec48e265a7843a52b08664463d890b61

(this sample)

  
Dropped by
MD5 07e1b8d8a24bcb57a252e48f318ab064
  
Dropped by
SHA256 d76097807b26d4515e0ee19c3b75e2a609f4288a41d7f7081adf4f572dc155c6
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5885/

Comments