MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69386692648e92eb4a80be0962bc1dff4a1c6773ed7ae2f30a2947ad96449f03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 69386692648e92eb4a80be0962bc1dff4a1c6773ed7ae2f30a2947ad96449f03
SHA3-384 hash: 867d028ba2ff6c60c524645804bfedfe41a33d5aac0c6f08319bdd4a78c123ff55e7a47db7bd7c6abf660f576b692224
SHA1 hash: 37121b5e698ad8f68dcfa7dd173bea677a8c2ed0
MD5 hash: 06e25a384637a5308eb260b3423eb0e3
humanhash: early-failed-shade-may
File name: f.exe
Signature: GuLoader
File size: 110'592 bytes
First seen: 2020-05-25 14:43:40 UTC
Last seen: 2020-05-25 16:12:00 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4c79495317e96b140aea4b5eadc7f4b0 (1 x GuLoader)
ssdeep: 768:+X9jW1ckoQGPCCnn8ir+Z2+j374vjgSNOkUK5dMuywhAa+2IvqmiAOG:ojW1eQGy2cuHOkU4GwhAP2I0n
Threatray: 678 similar samples on MalwareBazaar
TLSH: D9B3F91B7AD0BCC1EC018EB259DAAEA40E2AFC292C654F473D5EF71C15BB5902FA0705
Reporter: James_inthe_box
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 11:00:23 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 18 of 31 (58.06%)
Threat level: 2/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
