MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0da1c24eb6a23bd435cf8787a335324b0dd654bfe01ab76a41c5c3cbab48fe2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0da1c24eb6a23bd435cf8787a335324b0dd654bfe01ab76a41c5c3cbab48fe2
SHA3-384 hash: c950e40c5e02f79d78e5f4f809f4bfb44be735d910858438e3d93c99be509858a11e748f764ae476dd61a8084559e955
SHA1 hash: e5e83f90513d219c6dade2b54f138cbc5cf4d087
MD5 hash: 7a702a28ca6497fdb56a87ec3feab2e8
humanhash: high-october-idaho-robin
File name:7a702a28ca6497fdb56a87ec3feab2e8.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-01 08:26:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 26db3f3c6a40bfde8bdee4e8d390ed86 (1 x GuLoader)
ssdeep 768:MLRXuxm9gRKrqJvErNJN7TwU+yZDFl2TEvfg21eK8wbp:M1+LgrqurLF3oT4T8
Threatray 892 similar samples on MalwareBazaar
TLSH B8732A1EBE599164F0454AB12966D062B729BC3264066E0F73403E6AF836E83FDF1737
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://hosseinsoltani.ir/colinx_WITzBFYEs66.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5512/
Detection(s):
Win.Dropper.NetWire-7993073-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 00:02:58 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=udnbyjhlnir32q247b4hum2tesyn2zkl7ya2w5vedrodzovur7ra._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
05a1356768e4475daeebaae76e486705d2d920e7e4d511c1436ea3f9a650c1df
GuLoader
32988d9efdef04149dafb7aad85acfc026b906452b1c6a11b5e8402157d20691
GuLoader
73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888
GuLoader
7522e963fbeadde98b1486f0d8d2d1a15011812b06d06f1a5bc21caee6876e71
GuLoader
8255284fa792c767fd2464364f12f297fa92a38383d2303d7cf9dcb8b74bdfa5
GuLoader
95b7bbca4d924be150fb6858b8546d3386d44a8a589a7a60ab1a0961718ee84d
GuLoader
b9a39d44f35f5b894ee479f2c6878d231911099512920ff5c494896bf6ec4f32
GuLoader
ca29da046b516565cd41c9bb5d9ba29f8a8f9f7fc5d64a42a46b276c55874074
GuLoader
d99947df7b80d4cf1f998cd4c205df67be0afc6ab0d9b4d92988b1aeccc1bf0c
GuLoader
faac07736e1c735a2b4028b9a77bcf0897944e3ce16977c61b6af1b45592d6b0
GuLoader
+ 882 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-vj6q2efjwj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe a0da1c24eb6a23bd435cf8787a335324b0dd654bfe01ab76a41c5c3cbab48fe2

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5512/

Comments