MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90f3c7b548e9f8d7477d4d1a2b8ea2bc2fcf26d36c79706e869fb9ded4813dfe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 90f3c7b548e9f8d7477d4d1a2b8ea2bc2fcf26d36c79706e869fb9ded4813dfe
SHA3-384 hash: aac39fed864e1c5a828ea86df8fcbbd4d0ff9e0356cfe70e2384b03a48a8988b82190b76a594f91f78611800f354ea75
SHA1 hash: 086458231901d0d05e0e120739393973f06e5450
MD5 hash: 861af532adac4a8e16da34bc675740c6
humanhash: november-summer-california-uranus
File name: 861af532adac4a8e16da34bc675740c6.exe
Signature: GuLoader
File size: 114'688 bytes
First seen: 2020-05-27 16:34:08 UTC
Last seen: 2020-05-27 17:50:14 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f158ed7d0c660f21f165e047967e4f64 (1 x GuLoader)
ssdeep: 1536:hJUeuq/EifdldJqu7b430pv8PYjCJA7kxSK:jU7qHfdpqu7b9pv0YtQ1
Threatray: 161 similar samples on MalwareBazaar
TLSH: 2DB3E713B980AC72FCB58FB12CB296941E33FC6269094B17B605B79D29331DE34A475B
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
GuLoader payload URL:
http://ratamodu.ga/~zadmin/iclient/pm_ATzNf107.bin

Intelligence


File Origin
# of uploads: 2
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 03:20:15 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 22 of 31 (70.97%)
Threat level: 2/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 90f3c7b548e9f8d7477d4d1a2b8ea2bc2fcf26d36c79706e869fb9ded4813dfe (this sample)

Delivery method: Distributed via web download

Comments