MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f97b36a796167d7d641a811c64ac23e7ff9998422308aec6d5753b9625f3729. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 4

SHA256 hash: 7f97b36a796167d7d641a811c64ac23e7ff9998422308aec6d5753b9625f3729
SHA3-384 hash: ad45fb3e8e896b322d804ec6f2989e2d0d4f476e7605b27665cf6fbbed7b0245dfa06990ac7d14761928d738fde5ded5
SHA1 hash: 16610c9cb019a63eaf3a6e22cfdc1cae0e9c2ae8
MD5 hash: 6824c8c0361c2275ed63b8cb25714e2c
humanhash: network-hot-violet-whiskey
File name: 6824c8c0361c2275ed63b8cb25714e2c.exe
Signature: GuLoader
File size: 114'688 bytes
First seen: 2020-05-26 13:39:06 UTC
Last seen: 2020-05-26 15:24:24 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: d57efa650558d7d29003901c637ccdf4 (1 x GuLoader)
ssdeep: 768:Tg4DYjGHZEH9AmB+B72+mhj+SLdSInf/+cOH1r+5jG3sEjjKffNvcE8QaAr:04DbMB+B65J+RIncH1y5OLCNv5
Threatray: 5'117 similar samples on MalwareBazaar
TLSH: 77B30817B5A04C73DC2DABF11CB2E6910DA5FC502D024B1779C9F69DAA739CA18F231A
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch:
GuLoader payload URL:
http://ratamodu.ga/~zadmin/iclient/apsfb_BAUdZ119.bin

Intelligence

File Origin
# of uploads: 2
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 14:36:02 UTC
AV detection: 27 of 48 (56.25%)
Threat level: 2/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
  Suspicious use of SetWindowsHookEx
  Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: GuLoader
File: Executable exe 7f97b36a796167d7d641a811c64ac23e7ff9998422308aec6d5753b9625f3729 (this sample)

Delivery method: Distributed via web download

Comments

CAPE Sandbox commented on 2020-05-27 10:13:12 UTC:

#Formbook

https://capesandbox.com/analysis/4949/