MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85b3b12892570a08fc7c60ad0f4788fb3a4a8d6a9b1cfdf79495b0586cc513d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85b3b12892570a08fc7c60ad0f4788fb3a4a8d6a9b1cfdf79495b0586cc513d1
SHA3-384 hash: 6e148e9d53b6594c3f9cc02b41463d22cdd52112d03a1ac7b95fcfce5700f3e792dc5813ea1b260bcfdfe753acffcad7
SHA1 hash: 4db32600d80e746f18e1d55c35de9906f818cc42
MD5 hash: 690c7baf32f4a8a8ccd3e83b0c0ee82b
humanhash: item-lamp-bravo-mango
File name:690c7baf32f4a8a8ccd3e83b0c0ee82b.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:15:08 UTC
Last seen:2020-05-21 08:53:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3bf156c9ded280453402a03929762341 (1 x GuLoader)
ssdeep 768:f9lClVlBMssFYVLTMH/m6oB1EY3/HrN5I+rTSk/zB103ms07BkXOYq0iitJ:iljVsFKnMH/QfrN5jrTRLB6jktliD
Threatray 306 similar samples on MalwareBazaar
TLSH 09A31821F690ADB2D64685BD4F7B8E68921FEE340D11DA0BB4C57F2C25F3543A82234B
Reporter abuse_ch
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.43673.2402.13278.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 23:57:09 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qwz3ckesk4far7d4mcwq6r4i7m5evdlktmop354uswyfq3gfcpiq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
13277d505db31b33c1c62936da1cebd942555d66b1a74edf5a44336d62117221
GuLoader
3a269358089c5d4852d4c43ce63745226d1b889620be5937125184569a379999
GuLoader
5c8de7c3ff4d9ad542fe30c13e84cfe205122faefb6427cf7323298eb47ab0d3
GuLoader
6fd66c1d011fe7b8658211ad8990d9b06d23722a50c407675112ffb879043fa5
GuLoader
7c8b54cacdd83b95eeabcc825a195e5b46925fc0c91af6bdd9a9c5ff9005e29c
GuLoader
7d02ae5ae3ed3b7a13ff5495174216ea3195764d7154b8e9b4997c74fd08fb09
GuLoader
8f09e2d15730d4a4e19876b7d4f284fe43494e761824081dee255c677630f8e6
GuLoader
c72abb73f39b466cd8b230c1fd9d6c1bf46573db11038eaa407d47976eb317eb
GuLoader
ea38089348d047f0b0162a6d3404d579a42e355d62e01a7c1bc38c1af764717a
GuLoader
f3418e9ec01f4116a2ae079c709ee3c20455d66861951751474dbeb49ab75c26
GuLoader
+ 296 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-m7zzf9w4ge/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Checks QEMU agent state file
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 85b3b12892570a08fc7c60ad0f4788fb3a4a8d6a9b1cfdf79495b0586cc513d1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/364846/
  
Delivery method
Distributed via web download

Comments