MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9642f5a33edf7228acb5165e5d8b4bd5266acae4b3f4174c3ced12c90e21b2e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3



SHA256 hash: 9642f5a33edf7228acb5165e5d8b4bd5266acae4b3f4174c3ced12c90e21b2e0
SHA3-384 hash: 00b674fc5ced5ddb9b6f108d2dd41fde1ef25b3c6609cb80f2da105f4177d0fb7d1457f2ef9f1d8954c26fa22bb5c951
SHA1 hash: fbeb91c09803b3108a5b996de5c7dedae225342b
MD5 hash: ba543e3f343be95ccc6eb35ff54bfbfa
humanhash: echo-bluebird-low-lemon
File name: SecuriteInfo.com.Variant.Razy.667447.32261.11212
Signature: GuLoader
File size: 86'016 bytes
First seen: 2020-05-07 08:44:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: bf1de3bb708781ce2b3cb8ff0c88cbda (1 x GuLoader)
ssdeep: 768:+hiX9iPvyfIYhaq01v/r9pfffnC9v0Zx1eTlZgpqd5ABcqrjz0MT7:w89iSfgvLfffnCt0NeTPgppp1H
Threatray: 768 similar samples on MalwareBazaar
TLSH: A8831821BDB4EC72D6147AB1DB25F69FC356EC3229728D0721847A5EAF35A018E3121F
Reporter: SecuriteInfoCom
Tags: GuLoader

Intelligence

File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-06 19:45:18 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 31 (74.19%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
- Suspicious use of SetWindowsHookEx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download
Signature: GuLoader
File type: Executable exe
SHA256 hash: 9642f5a33edf7228acb5165e5d8b4bd5266acae4b3f4174c3ced12c90e21b2e0 (this sample)

Delivery method
Distributed via web download

Comments