MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6dab870a5c920547d6a8a343244b15e61a764f4714a438c4212db404dc18f278. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: 6dab870a5c920547d6a8a343244b15e61a764f4714a438c4212db404dc18f278
SHA3-384 hash: d294053eb242e5baebf1e3cd1b73d2a6f16ad8a59394a7c967f616a57407f16a48c16d4ee1c18715f9cb250a7f7efe62
SHA1 hash: 5d4115636e56658440605db47327eed0766a4b5d
MD5 hash: 94f18a5fcb7432860bfdb72d6739c997
humanhash: sink-alanine-cola-west
File name: 94f18a5fcb7432860bfdb72d6739c997.exe
Signature: GuLoader
File size: 110,592 bytes
First seen: 2020-05-25 13:23:49 UTC
Last seen: Never
File type: Executable (exe)
MIME type: application/x-dosexec
imphash: 92e17d0ed1502b94c7b03b29ad7fec58 (1 x GuLoader)
ssdeep: 1536:Wb0YF4tcXWZff8dpkpKFA0r2Fk26skIVzGx22pzC:q0YF4ZYAfG26skIV8Je
Threatray: 5,118 similar samples on MalwareBazaar
TLSH: FCB3A4037AECFC85ED528EB10AD26EE40E66BC212C519E47391EF65D3A772801FB0719
Reporter: abuse_ch
Tags: exe, GuLoader
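An added example, not code from the MalwareBazaar page or from abuse.ch: before handling a sample downloaded from an entry like this one, verify that what you have on disk matches the digests and size the entry lists, and confirm the bytes are actually a PE image rather than a zip wrapper or a truncated download. The entry values below are copied from this page; the dictionary key names are modelled on MalwareBazaar's API JSON field names (an assumption, only the values matter here), and the "sample" bytes are a constructed stand-in, not the real file, so every digest check on it is expected to fail. imphash, ssdeep and TLSH are left out because they need third-party libraries (pefile, ssdeep, tlsh) that are not in the standard library.

```python
import hashlib
import hmac

# Values copied from this MalwareBazaar entry. Key names are modelled on the
# field names of the MalwareBazaar API's JSON output (assumption).
ENTRY = {
    "sha256_hash": "6dab870a5c920547d6a8a343244b15e61a764f4714a438c4212db404dc18f278",
    "sha3_384_hash": "d294053eb242e5baebf1e3cd1b73d2a6f16ad8a59394a7c967f616a57407f16a48c16d4ee1c18715f9cb250a7f7efe62",
    "sha1_hash": "5d4115636e56658440605db47327eed0766a4b5d",
    "md5_hash": "94f18a5fcb7432860bfdb72d6739c997",
    "file_size": 110592,
    "file_type_mime": "application/x-dosexec",
}

# Digest algorithms the entry lists, all available in hashlib.
HASHERS = {
    "sha256_hash": hashlib.sha256,
    "sha3_384_hash": hashlib.sha3_384,
    "sha1_hash": hashlib.sha1,
    "md5_hash": hashlib.md5,
}


def digests(data: bytes) -> dict:
    """Compute every digest the entry lists for the given sample bytes."""
    return {field: fn(data).hexdigest() for field, fn in HASHERS.items()}


def verify_sample(data: bytes, entry: dict) -> dict:
    """Compare sample bytes against an entry.

    Returns {check: bool} for each digest the entry carries plus the file
    size, so the caller can see which value disagrees rather than a bare
    yes/no. Expected digests are lower-cased so upper-case copies still match.
    """
    computed = digests(data)
    result = {}
    for field, expected in entry.items():
        if field in computed:
            result[field] = hmac.compare_digest(computed[field], str(expected).lower())
    if "file_size" in entry:
        result["file_size"] = len(data) == int(entry["file_size"])
    return result


def is_pe(data: bytes) -> bool:
    """Cheap structural check: an 'MZ' DOS header whose e_lfanew field
    (offset 0x3C) points inside the buffer at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    if e_lfanew < 0x40 or e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def load_and_check(path: str, entry: dict = ENTRY) -> dict:
    """Read a downloaded sample and run both checks, summarising the digests."""
    with open(path, "rb") as fh:
        data = fh.read()
    report = verify_sample(data, entry)
    report["all_hashes_match"] = all(v for k, v in report.items() if k in HASHERS)
    report["is_pe"] = is_pe(data)
    return report


# Constructed stand-in for a sample: a minimal DOS stub pointing at a PE
# signature at offset 0x40. It is not the real file.
FAKE_SAMPLE = (
    b"MZ" + b"\0" * (0x3C - 2) + (0x40).to_bytes(4, "little") + b"PE\0\0" + b"\0" * 16
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for check, ok in load_and_check(sys.argv[1]).items():
            print(f"{check:18} {'ok' if ok else 'MISMATCH'}")
    else:
        print(verify_sample(FAKE_SAMPLE, ENTRY), is_pe(FAKE_SAMPLE))
```

Run it as `python check_sample.py <downloaded file>`; a report where every digest is `ok` but `is_pe` is false usually means you are looking at the password-protected zip wrapper rather than the extracted executable.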


abuse_ch
GuLoader payload URL:
http://ratamodu.ga/~zadmin/iclient/apsfb_BAUdZ119.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 02:27:58 UTC
File type: PE (Exe)
Extracted files: 6
AV detection: 17 of 31 (54.84%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The entries below give additional information about this malware sample, such as its delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: GuLoader
File type: Executable (exe)
SHA256: 6dab870a5c920547d6a8a343244b15e61a764f4714a438c4212db404dc18f278 (this sample)

Comments