MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6a213e9e6ed1f8e1a318c3bd1a8c1676ddb707c33a44008699cb37adf6d552b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a6a213e9e6ed1f8e1a318c3bd1a8c1676ddb707c33a44008699cb37adf6d552b
SHA3-384 hash: 99ac05f26caf0c3871d884e7f90446bf25e70d5bf8448382d751c36720961bf4fbc1c71c45401e91746367b513509e07
SHA1 hash: 86992632ff838edc95f64583bb820b046313d9b3
MD5 hash: fc52de89f7aef1e7db4d005d4a45bdc2
humanhash: indigo-fifteen-ink-virginia
File name:fc52de89f7aef1e7db4d005d4a45bdc2.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:40:23 UTC
Last seen:2020-05-21 09:51:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e794196d75db694b21e2082b6ca40e16 (1 x GuLoader)
ssdeep 768:hJJBQKvLdVoo0gZxoft0LntysJFdnK1UVSN3gCOVeE:JBQkLdWo0gZKft0Lnt/FI1NMVF
Threatray 155 similar samples on MalwareBazaar
TLSH D4A30A32F6B4FE27C94499FD1EA0865827AFDC740921CA0B74CB7B5D1AF65C1A52032B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1wFDPP7YSPxWSmZeLT8NfgD4aQyaAY7-r

Intelligence

File Origin
# of uploads :
2
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47794.26218.24688.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 17:05:44 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=u2rbh2pg5upy4grrrq55dkgbm5w5w4d4goseacdjtszxvx3nkuvq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
1e04c1e4eefe23f454553364e757209462f2561d8455628b296b1dbe83fc6ec2
GuLoader
496b39b696da8c81b7f0d57b3b591a9c948bf88d8ba375618703edcb18f4c27d
GuLoader
51c8e10c77c9f131b207be4bff0e37a09cf4f24b3b941416ae22bc438d1730c4
GuLoader
5851f851fd3f4818e16bcf8ac00b723f43d2efd4b2d1acd3c506a8d32f8de14b
GuLoader
5e627b14e776856c2904f622b43da929fbc41c1d0b753cd0f98913d8eeaf3544
GuLoader
67d53f916dfaa58825da5c4141cbb338b286aab1de054bd46c0c1f989519491f
GuLoader
7c267f393664ccc38c7a4fb521587e77db7fc7e3a157a9ef5c19783f03a67c76
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
ed65d62376f71cd4ee0dfd8f1f9b43787de42dd85da310ab8b4e90abef7681a0
GuLoader
+ 145 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-v1tgfcl136/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe a6a213e9e6ed1f8e1a318c3bd1a8c1676ddb707c33a44008699cb37adf6d552b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365779/
  
URLhaus
https://urlhaus.abuse.ch/url/265919/
  
Delivery method
Distributed via web download

Comments