MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4cd079bdace5892c891383033182a97b684daf643f9c4572faf7e4f416f9c505. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4cd079bdace5892c891383033182a97b684daf643f9c4572faf7e4f416f9c505
SHA3-384 hash: 0c4e9c93cb3c8756a3f81621daadaa4c453b7656401d77be68c0816352a652b12c0427e88f7649df95ff2914e60a9f6d
SHA1 hash: bc43c507fc1e9e251c263f91d54a1764fc07d224
MD5 hash: 2e94976d91478ee70e09fcbdfdadb077
humanhash: purple-lithium-lion-delta
File name:PO_541.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:106'496 bytes
First seen:2020-05-11 04:20:54 UTC
Last seen:2020-05-11 13:37:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ce1e2ff29dcc50b3c363cf8b0ddf648e (1 x GuLoader)
ssdeep 1536:aKbZfecKScdXtJ3VJBktvUnkbQASyI8CoY:9x5KSVtMozFY
Threatray 169 similar samples on MalwareBazaar
TLSH 95A3835163A4FD27C9AA8EF20711AAE102F86C75685076037BC77AEF1639C76E270317
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
4
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FTA2E94976D9147.25677.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 04:35:25 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jtihtpnm4weszcitqmbtdavjpnue3l3eh6oek4x267spifxzyucq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0631509955b475ffd66cda5560340cda6cb3883399665e56b3e65ffee82aef21
GuLoader
0fc20e3e9fe037a0de30f8162d618a0b8e634bee0fa1bac1f1219a9adc4d6016
GuLoader
20629897fd36f8cdb5321d1c58b8acb62fa29c54c0e22b1d2e9e6bef807f7e4d
GuLoader
4466374fdf3369692e79649be6345297fa9a4f5b05f8f932d33f1b1db19ac3af
GuLoader
610d402c4582386b2f01e1297d386c62f19b2d3f89c0f0db0e9c232e7de99c4e
GuLoader
a2122ebb9e4bc5af911c6934c8c42a006d7da62327f81e0049b02f852a1fe98e
GuLoader
c360eb0ad06680e9de7f26e19b25c52f6f8886da5042fb4bbe906d5e94b8cd98
GuLoader
e5852b1568dbddec5b108ada04892d2e567b6148e3b3209139036861960f8719
GuLoader
e920edae93d44363b7f23b7eb55d9074a5781ab05cdace625283ba73bc411524
GuLoader
eb65f2004a16420ae80c5757728b73289199555135a3db08cb8e60b46a9e5a3f
GuLoader
+ 159 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-qb66743pqe/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip b4b271b5bde3e539b1a2aa81a48466bd21a36dbdfb9f8be2e16238563ddb967c

GuLoader

Executable exe 4cd079bdace5892c891383033182a97b684daf643f9c4572faf7e4f416f9c505

(this sample)

  
Dropped by
MD5 03dce9bca4eef1c8335277f6cf25e876
  
Dropped by
SHA256 b4b271b5bde3e539b1a2aa81a48466bd21a36dbdfb9f8be2e16238563ddb967c
  
Delivery method
Distributed via e-mail attachment

Comments