MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46e4277f443844937417375ec6befe13770c4595980c7f56996381492943e419. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3

SHA256 hash: 46e4277f443844937417375ec6befe13770c4595980c7f56996381492943e419
SHA3-384 hash: 3b8535d59f1a857dcb69a318c6c9b5432a60734b0ea1e30d88ea6c9a1a670412774410da6fb36ccc5218608b913d39b4
SHA1 hash: dc0e6291bc6b2b06593a2f4da99436e018d9bf21
MD5 hash: 910531b266e8262dd33ca0525e9651d2
humanhash: fruit-november-black-orange
File name: SecuriteInfo.com.Fareit-FTA910531B266E8.11278
Signature: GuLoader
File size: 94'208 bytes
First seen: 2020-05-14 14:42:57 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7600d359fe3e21d2f49290c23bd7891c (1 x GuLoader)
ssdeep: 768:NgT4xzY1Z+wfYGlW7uQeSMLj2YS8ESOzdqono6A/Nw3LUSBVC:aTl/+MZjSD5/nA/+L78
Threatray: 122 similar samples on MalwareBazaar
TLSH: 1D933925BAD0D136E05486F01ED297B8556AFC312A01CD0376CB3B1D2A3AE4BF63575B
Reporter: SecuriteInfoCom
Tags: GuLoader

Intelligence

File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-14 12:46:40 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 31 (80.65%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: GuLoader
Sample: Executable exe 46e4277f443844937417375ec6befe13770c4595980c7f56996381492943e419 (this sample)

Comments