MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0ef6565b8fed20e76a7fc22c4627c0a62b6d5bdc3b79b7901a00e236060ee2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0ef6565b8fed20e76a7fc22c4627c0a62b6d5bdc3b79b7901a00e236060ee2b
SHA3-384 hash: ba822ab393ccdb8b73210c4b6f167db795984b9861cc8c1c8f9984ff81de099d4b831b7105bcc52ec38b700a97b0fe18
SHA1 hash: 20e0ca3cee4cce8c716ea526431cef81640455ce
MD5 hash: 0e1278238fb1f92637a4203432fef9a3
humanhash: stream-three-colorado-floor
File name:0e1278238fb1f92637a4203432fef9a3.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-01 08:25:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 04b305b988dc3c6a6b98f509ce631c8b (1 x GuLoader)
ssdeep 768:s3yXuQ0eobDTeT/HKnfFtSg+7sTlT/N/daTCz9FlmTEvfgGJIOtdZkV/Noll:Ey+Q0f/UHOh40YlTQh9kr
Threatray 857 similar samples on MalwareBazaar
TLSH 8873191DFF5D8564F4094AB01569D1A2BB2ABC325C029E0F72406FAEA871987FCF5327
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://baritaco.com/waz300_foheKNmxQU184.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5502/
Detection(s):
Win.Dropper.NetWire-7993073-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 08:14:50 UTC
AV detection:
27 of 48 (56.25%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=udxwkzny73ja45vh7qrmiyt4bjrlnvn5yo3zw6ibuahcgyda5yvq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
32988d9efdef04149dafb7aad85acfc026b906452b1c6a11b5e8402157d20691
GuLoader
5344451622e4d4ac6036cdacefa0e5299843a2aee428cd643bcc663630b3b3de
GuLoader
729c73ab057bc16133a582db643fc4654c806e76fa70d98dd82923b4f198c285
GuLoader
73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888
GuLoader
748970d868ca12ef96a98cad33b9f3c7bf7ab20ce2e595d4fdaab152e50b29c8
GuLoader
8255284fa792c767fd2464364f12f297fa92a38383d2303d7cf9dcb8b74bdfa5
GuLoader
8db887fade310b044bf413542735e42ea639ba015a1442c1efaac57f6c37628b
GuLoader
d99947df7b80d4cf1f998cd4c205df67be0afc6ab0d9b4d92988b1aeccc1bf0c
GuLoader
f1f8f362f768269887febcea5bb11b4ece351b3c0b8be3682c6095fc9f3fcae4
GuLoader
faac07736e1c735a2b4028b9a77bcf0897944e3ce16977c61b6af1b45592d6b0
GuLoader
+ 847 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-tvd3p714yj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe a0ef6565b8fed20e76a7fc22c4627c0a62b6d5bdc3b79b7901a00e236060ee2b

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5502/

Comments