MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a32c37dd601a6fcdd6e622b2c928c7ef7935a77a0df9a2dfb9c7774630dd266e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: a32c37dd601a6fcdd6e622b2c928c7ef7935a77a0df9a2dfb9c7774630dd266e
SHA3-384 hash: eb9b79d5ca1bba55de4dd3070f2b776e9b925dd6faff3d5b13309040ece8a7b9715a372f18e9ccf1fa89d8d42b092f64
SHA1 hash: 224464ce932d5c34bb34e025736776863e45dffe
MD5 hash: 6da555c0b038ffceda7e94886cffc1db
humanhash: rugby-jersey-blue-vegan
File name: TOADROOT.EXE
Signature: GuLoader
File size: 110'592 bytes
First seen: 2020-05-25 05:30:57 UTC
Last seen: 2020-05-28 19:39:36 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c59c6a66ebfb518597c90d8dc1e1bb8e (1 x GuLoader)
ssdeep: 1536:w2K4QiGvM9IEkj2xoWMjph6K/F32msgA:wL4QBvKIt5nj/6KNa
Threatray: 1'575 similar samples on MalwareBazaar
TLSH: 23B3D45375D8FC82EA214DB28DD29EA65C62BD258CA09A17764FBB0D1D7B2901FB0306
Reporter: cocaman
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 3
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-05-25 01:24:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 31 (80.65%)
Threat level: 2/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe a32c37dd601a6fcdd6e622b2c928c7ef7935a77a0df9a2dfb9c7774630dd266e (this sample)
