MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8869b2576e5e5ebd15edee49935a89a27bb6dee506483a27f805f708d4bf8957. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 8869b2576e5e5ebd15edee49935a89a27bb6dee506483a27f805f708d4bf8957
SHA3-384 hash: 82451cc9e0ad71081508a8bb134ec7befb6c65eefe968424aebe47e0c802670d0d01e13158b39019e241fa9156322d82
SHA1 hash: b985ef5841f83c85287d430336fb1d14a88b7dc0
MD5 hash: 3cb84445c60a00defbe86bfad9dcf9f1
humanhash: sweet-rugby-orange-quiet
File name: 3cb84445c60a00defbe86bfad9dcf9f1.exe
Signature: GuLoader
File size: 81'920 bytes
First seen: 2020-06-02 10:59:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 19aa8a9c146e3fb4fc3e93e1eb76c3c4 (1 x GuLoader)
ssdeep: 768:tEhc7416N8lBR2zqlc2PFEzaBb9kplHkrLft3XbWY6L3sXS5em9:mFO8lLRa2drB2l4t7B6L3sXg
Threatray: 1'300 similar samples on MalwareBazaar
TLSH: CE833917EE0CAA82D56042701C57CBAA2F257C494D821F8F754F7E9BBB317A21C6E21D
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
GuLoader payload URL:
http$0p8#i

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Noon
Status: Malicious
First seen: 2020-06-01 12:31:27 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 20 of 31 (64.52%)
Threat level: 2/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
