MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e49f8ed15a69e1147ae9428c9e5b4d4aa928769f261627abc059d2060e94a6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4e49f8ed15a69e1147ae9428c9e5b4d4aa928769f261627abc059d2060e94a6b
SHA3-384 hash: 66eacfae3d35d1db4abdfb3c94038e39bb96f899051d2344c1402db1d426bd2b2db58360b249724575d0193b28345537
SHA1 hash: 8b2021600d8f6b9fed2dff9f16efdf0c58f469cd
MD5 hash: 78777883d9624d920ed0518cfd21e411
humanhash: cup-bluebird-high-paris
File name:78777883d9624d920ed0518cfd21e411.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:106'496 bytes
First seen:2020-06-02 10:17:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7267359554daec600a2c9613f1c52cf7 (1 x GuLoader)
ssdeep 1536:oPB+KPQ99v3vwGzoFNzqi1g69hn5TupB:iPQv45qP69ev
Threatray 824 similar samples on MalwareBazaar
TLSH 86A3FA62F9D4AE22CA4891FE2C5DD258019BACF80911CE0B74CBBB3E55F7995D632303
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1rxtJSeBwjWopUC2O9eCnaeCfaO96051A
http://crossbreed.info/run/api_postback_qtDaiY69.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6033/
Detection(s):
Win.Trojan.Vebzenpak-7863115-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-29 07:02:00 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jze7r3ivu2pbcr5osqumtznu2svjfb3j6jqwe6v4awosayhjjjvq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1224967aa7aa8b416aae37b76dc075255948fcf66a6986a880dd00f0ca17737e
GuLoader
14885a4bfd76cdb49db108d03ce3a8c88c301c786eed577606aaacc49d673bfa
GuLoader
4cab1aacfb805a94301d5f14ff07c8a4c07cef2b81897c19fd35a04c5cfe2b68
GuLoader
54a1f9c8f39feac2378a5e2221e95dc41167cd80d541f448e0ec3e347f183029
GuLoader
6617979630def30c8a103baceedd1ddb972a53b984de91682aa93451faf833bb
GuLoader
726156ccca0ba0077df20db0e438db482c7197d69453b890332ed69a9e509352
GuLoader
7848e6e1c38a88fffa92f4ef02ecbf2ac332f2c12a42b04f6d0ac186ad815c21
GuLoader
c18c647694bc85d12a66e7c15abdc5c116ba95872c9fcfac1bfc29c6927c9783
GuLoader
ca73b141e59412b434f105fef26227cea43190fbf99e7be806f00b9b9f7a9428
GuLoader
d9073504ba97540b65006d851251f330bcfb130500daad9a7f8616cb5a6a9ba0
GuLoader
+ 814 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-res49mwgas/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
URLhaus
https://urlhaus.abuse.ch/url/373163/
Cape
Cape
https://www.capesandbox.com/analysis/6033/

Comments