MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c318da83e3d6644f8e3cfc7b57627970cbbd6a607c7c6e661c3bdb9bd20ba44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 6c318da83e3d6644f8e3cfc7b57627970cbbd6a607c7c6e661c3bdb9bd20ba44
SHA3-384 hash: 11130c62e92011c1c70a2f257db62cc9a86d22ca40b39f18f07b9914cb4a1b7598bec14aede7e8ec466b2aeb3dfa622d
SHA1 hash: 70aa45c53f79a69d805f4ae2f9d304298297bcd9
MD5 hash: adac869c8401d6ac3ae526f4dc449c81
humanhash: happy-hydrogen-coffee-sierra
File name: 00.exe
Signature: GuLoader
File size: 110'592 bytes
First seen: 2020-05-25 14:43:21 UTC
Last seen: 2020-05-25 16:11:54 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0fb9849003ce64f8a4f07e43efd0d6b3 (1 x GuLoader)
ssdeep: 768:WRtRst/xUQyD74u+znhNf6+GNK7YxNxu8JMLcy74OBf6Nt1vJem2NGZ3BQhmS8:WMyxvynLS8cxNLJ+AtPem2NGZRQz8
Threatray: 860 similar samples on MalwareBazaar
TLSH: 41B3F742B6D8ACA2FE031EF55FD58EB80D66BC216C414F13724ABB2E25331856FE1316
Reporter: James_inthe_box
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-05-25 05:43:28 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
