MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ed2a56967e7cb3e18b8b2cb910b9e6d356a52a9b65a05309c36ec62fa09773c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2ed2a56967e7cb3e18b8b2cb910b9e6d356a52a9b65a05309c36ec62fa09773c
SHA3-384 hash: 762d677d49260b71588c83080a5f7c8dd61f4063f7eace28d578d525e13c7e098b30ed447f1c23f8a9dcb98acd86e455
SHA1 hash: 0dc1c71e232328839f7d6b3ac9151a7ff1576c63
MD5 hash: 6ee2e3f03f67bc69d29d14389bc62472
humanhash: finch-pizza-louisiana-nineteen
File name:6ee2e3f03f67bc69d29d14389bc62472.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:180'224 bytes
First seen:2020-06-03 13:05:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash add15931ffbd9980f7cff4263044c931 (1 x GuLoader)
ssdeep 768:yMIhc7416N8lBR2zd4rZ5CNzFp3EaBe3rhB+pbNmnpvJrf7LtKUhpAt/Gd1sX8Zn:RIFO8lLDCH/B5eTvpAJGdQQDWuAxS
Threatray 1'712 similar samples on MalwareBazaar
TLSH 7304940BBA4CC74DE2108A71FA7642F51A64BF1BD842591FB5CCFE1E377021D28586EA
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1eDEntQNxLgWiSTM2gWmzd68HHE_CSky_

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6277/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 17:35:15 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=f3jkk2lh47ft4gfywlfzcc46nu2wuuvjwznakme4g3wgf6qjo46a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0661a441ae0af8542687aeb35aa00942b5b2bd1543c35574c0f4cb4592ed4c36
GuLoader
3939a9494bb1636232937e57243c7c362fc9c08a0f9944509b60cde9943993e9
GuLoader
610ab1c6d1d8f59195b85cc6bfb496adb9e6ce8d2f4e6764b84eae8bb5ae2cc9
GuLoader
7f95fc08dcdbe713e3a41b5b5d72763b4b3a4c608a1766596c8d055b12b2ee27
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
9d772f078ebff5dd18830b266cf39eaea44289e765d6290e8589e684a22d0946
GuLoader
a570592bf5a21c1f55712fcec60a0536fedabe28b409d9a48fdc499185e154ff
GuLoader
cf02bb3aa058cc571d6c3368f98a96fefa3db05a813ea479d002edc1c3cbdb95
GuLoader
cf6542bb87d706ab7d6fd3f7fa0a2594d3b0ed8a9d15b481252d0c405ecd36ef
GuLoader
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
GuLoader
+ 1'702 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-l8ma8x319s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 2ed2a56967e7cb3e18b8b2cb910b9e6d356a52a9b65a05309c36ec62fa09773c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/375998/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6277/

Comments