MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4af9eb9a627fd64924f12a6a972423e8c5a553108be81d0ee259ff4de7d638b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4af9eb9a627fd64924f12a6a972423e8c5a553108be81d0ee259ff4de7d638b2
SHA3-384 hash: 54768743210bcf4992e3d82c46d2c7776abcc9e9cd89dc56472bf4916a3e63afb55e132bd3a223c11ed5b0ebfa9ce778
SHA1 hash: 88d7f813984916656d6174bd98c9702873c781f4
MD5 hash: 6ebcd7df28c4f4220a95e5a2d6d7fe43
humanhash: equal-victor-georgia-potato
File name:6ebcd7df28c4f4220a95e5a2d6d7fe43.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-01 08:25:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 21bac4c838d64bf77c6ace353c16ae40 (1 x GuLoader)
ssdeep 768:3PugXuridnAoC85h97HLrxLUCFliTavfECmDlBJOZAZxOLBUL:2g+rs+qqNT5wEx
Threatray 896 similar samples on MalwareBazaar
TLSH C7732B2BFE48C171F59546B124599163BB29BC3258059E0F72406F6EAC32A83FCF572B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1-6xwJqfih8urv0xeE2zL9nCQl25sZjdf

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5501/
Detection(s):
Win.Dropper.NetWire-7993073-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 05:19:33 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jl46xgtcp7lesjhrfjvjojbd5dc2kuyqrpub2dxclh7u3z6whcza._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
5344451622e4d4ac6036cdacefa0e5299843a2aee428cd643bcc663630b3b3de
GuLoader
57bb966172a1d6bc994a682ef5da9b8b8fdabef539f44024c7e9368e6416d457
GuLoader
6d043b33b33e6baaf7514b9ca56f8dbd8aa57bc71a9040bf438bc780c1a4ad5f
GuLoader
73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888
GuLoader
748970d868ca12ef96a98cad33b9f3c7bf7ab20ce2e595d4fdaab152e50b29c8
GuLoader
7522e963fbeadde98b1486f0d8d2d1a15011812b06d06f1a5bc21caee6876e71
GuLoader
8255284fa792c767fd2464364f12f297fa92a38383d2303d7cf9dcb8b74bdfa5
GuLoader
b9a39d44f35f5b894ee479f2c6878d231911099512920ff5c494896bf6ec4f32
GuLoader
ca29da046b516565cd41c9bb5d9ba29f8a8f9f7fc5d64a42a46b276c55874074
GuLoader
d99947df7b80d4cf1f998cd4c205df67be0afc6ab0d9b4d92988b1aeccc1bf0c
GuLoader
+ 886 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-w4r4acmgfn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/5501/

Comments