MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32988d9efdef04149dafb7aad85acfc026b906452b1c6a11b5e8402157d20691. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 32988d9efdef04149dafb7aad85acfc026b906452b1c6a11b5e8402157d20691
SHA3-384 hash: 5ff8bbb536e8b98842ecc3f6edd9e0a5eed10000eec24b2df7623830916e9d924f173fc9eed40933ffe86c4f41f74ca6
SHA1 hash: cef068a8dd6e779c0f4ae2b6a7ebb3b3d233c85c
MD5 hash: 442b3bc95db6531761b934ce333db861
humanhash: robin-ohio-mockingbird-cup
File name:442b3bc95db6531761b934ce333db861.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-01 08:26:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e705bb9e3e16cd0711d65742524a7734 (1 x GuLoader)
ssdeep 768:3B0Xu5kPZBX7jxZdzLqH7OPdzOGmFl2TEvfgeESCH1d1OHXn1beP:3B0+6ZBX7jxrLqb67NTB5H1d1OHXn1
Threatray 980 similar samples on MalwareBazaar
TLSH 35733A1EBE6A4164F14545B51A55E022BB29BC3164069E0F73402FAAE872D83FCF573B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://cor.sehablae.com/mana.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5514/
Detection(s):
Win.Dropper.NetWire-7993073-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-31 23:54:35 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gkmi3hx554cbjhnpw6vnqwwpyatlsbsffmoguenv5baccv6sa2iq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1403d5f33c1379c32f1cb03b1c72d317b81541532647386e7aef8ba51f4c18c6
GuLoader
6b44f8bb0a99d2b29794f048d92bd25805461a6eb9fe45fd82836deb63adb774
GuLoader
729c73ab057bc16133a582db643fc4654c806e76fa70d98dd82923b4f198c285
GuLoader
7522e963fbeadde98b1486f0d8d2d1a15011812b06d06f1a5bc21caee6876e71
GuLoader
96ffe97ffd555e8f1329ba24b40cba5320d5bc1ef51fb0155b9dea55bf842487
GuLoader
a0ef6565b8fed20e76a7fc22c4627c0a62b6d5bdc3b79b7901a00e236060ee2b
GuLoader
a66d1021e54269963e9a54892869d569ffa1c74d9fb1b67f023ea5fdfd90c1a6
GuLoader
d99947df7b80d4cf1f998cd4c205df67be0afc6ab0d9b4d92988b1aeccc1bf0c
GuLoader
daa83b31dedd9baabaa012bf052e93e0b378fd00d7c8f8b18ddd8665e04aeb4b
GuLoader
f1f8f362f768269887febcea5bb11b4ece351b3c0b8be3682c6095fc9f3fcae4
GuLoader
+ 970 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-5blwqlrl5n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 32988d9efdef04149dafb7aad85acfc026b906452b1c6a11b5e8402157d20691

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5514/

Comments