MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51b6201307ef68d78bb4c84f7991e2fbb1c616b6933985f56e692f8e18bcb1b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51b6201307ef68d78bb4c84f7991e2fbb1c616b6933985f56e692f8e18bcb1b5
SHA3-384 hash: e1376c7b61a68177de9eb7992132a99e94553e5e0cb8cdaf8ee380be16415b9ee3856cd5c70e23baafadc758489cfdce
SHA1 hash: d08bdbd1ef60093081912c2f8aceebedc9b742e5
MD5 hash: 792fcca9c673fdec3f8faa5be736155d
humanhash: march-floor-august-apart
File name:Payment copy.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-05-12 11:26:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 38c45471db3a9fb5709b6b85db03c657 (1 x GuLoader)
ssdeep 768:7cYPj15BC8coqmYajLUUR9yiW8giKebcG7TgqAE7yPhd2p:/nvFVsxorbfTQc/p
Threatray 903 similar samples on MalwareBazaar
TLSH 5D834AD1B1F8E533DA084BF16B618BE6011FEC3209928D9FB9C6775E163A650F521327
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.40805.13266.11317.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 11:36:06 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kg3caeyh55unpc5uzbhxtepc7oy4mfvwsm4yl5lonexy4gf4wg2q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1224967aa7aa8b416aae37b76dc075255948fcf66a6986a880dd00f0ca17737e
GuLoader
14885a4bfd76cdb49db108d03ce3a8c88c301c786eed577606aaacc49d673bfa
GuLoader
305a2d609d4d34967a53c2f44b9c48acd3e683ac3be396bdb359ba0398da7a75
GuLoader
4cab1aacfb805a94301d5f14ff07c8a4c07cef2b81897c19fd35a04c5cfe2b68
GuLoader
4e49f8ed15a69e1147ae9428c9e5b4d4aa928769f261627abc059d2060e94a6b
GuLoader
54a1f9c8f39feac2378a5e2221e95dc41167cd80d541f448e0ec3e347f183029
GuLoader
6617979630def30c8a103baceedd1ddb972a53b984de91682aa93451faf833bb
GuLoader
7848e6e1c38a88fffa92f4ef02ecbf2ac332f2c12a42b04f6d0ac186ad815c21
GuLoader
c18c647694bc85d12a66e7c15abdc5c116ba95872c9fcfac1bfc29c6927c9783
GuLoader
d9073504ba97540b65006d851251f330bcfb130500daad9a7f8616cb5a6a9ba0
GuLoader
+ 893 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-zj4hn6c8zn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 187c867ebe9699e4e246a9ef19e75861f1d1a4bac77d2404dd538ac9285300f2

GuLoader

Executable exe 51b6201307ef68d78bb4c84f7991e2fbb1c616b6933985f56e692f8e18bcb1b5

(this sample)

  
Dropped by
MD5 a72d789faa4cc05dc77fc444f9af75ff
  
Dropped by
SHA256 187c867ebe9699e4e246a9ef19e75861f1d1a4bac77d2404dd538ac9285300f2
  
Delivery method
Distributed via e-mail attachment

Comments