MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888
SHA3-384 hash: 92c1d05a42daf0693dd582977f62b0426ae471b6d4e80cfb46011daba4250d905b6a9a4b40289de656127a78f251e818
SHA1 hash: c4557d9db04ce7811bd4da986c8eb680c6f8e063
MD5 hash: c70680eaf93eb055faecad8b0eda69ee
humanhash: fish-december-twelve-vegan
File name: c70680eaf93eb055faecad8b0eda69ee.exe
Signature: GuLoader
File size: 77'824 bytes
First seen: 2020-06-01 08:26:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 233416b47ae60c59ed0b66c081aeee9a (1 x GuLoader)
ssdeep 768:ldYXuLy899ZsuIWwBZLyHR7p/eyEZJFliTavf2CxDlBJs0vyyOJ:3Y+e8TZsBjBZuH5sdZ8TI+Ay
Threatray 1'047 similar samples on MalwareBazaar
TLSH E7733A1EBE4D9179F0494AB5196991627B39BC3114065F0F72043EAAACB6D83FCB133B
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1hqvwKse1daV2nVRC9PkeCe3WDJ6wVPho
http://www.customeroues.com/test/2_ShqsvTewuE192.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-01 04:37:50 UTC
AV detection: 18 of 31 (58.06%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888

(this sample)

  
Delivery method: Distributed via web download

Comments