MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ac04fc065e3f2ff00ce027de2cadcefbe88ec0fd7a8f1d578b3409419de2228. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 3ac04fc065e3f2ff00ce027de2cadcefbe88ec0fd7a8f1d578b3409419de2228
SHA3-384 hash: 0037e53e04f99336df8a54384ba2b9122da296655f524144bbae31ee06cdceed988e0dd62fd7d0b606dd835f47f217d8
SHA1 hash: 25ac3d9ce75cded5dcaa9e2b67ade93206c8e579
MD5 hash: c022ee98bef130019e53b27814ba00d5
humanhash: zebra-oxygen-missouri-spring
File name: Proposal2.exe
Signature: GuLoader
File size: 86'016 bytes
First seen: 2020-05-07 15:48:00 UTC
Last seen: 2020-05-07 16:55:46 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 999f63035fb7e3b170c5fe0da3a6594a (1 x GuLoader)
ssdeep: 768:WUu/l1IQssCsI7ZK5Q1fW90bLAzANGkiS1Exuq4y/JEeF:sLt6sCM5Q1fK0bLtjJDw
Threatray: 732 similar samples on MalwareBazaar
TLSH: 1183E505BEB4ED22D55179B1EB51FA9FD70AAC3229718D4760843E1A1F32B02DE3136E
Reporter: cocaman
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-07 16:35:48 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: persistence
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 3ac04fc065e3f2ff00ce027de2cadcefbe88ec0fd7a8f1d578b3409419de2228 (this sample)

Delivery method: Other
