MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acbdc5ee4cfd910a6d94ffee791a5f62631bbf449ee4883bdd3ae6b705b652ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: acbdc5ee4cfd910a6d94ffee791a5f62631bbf449ee4883bdd3ae6b705b652ee
SHA3-384 hash: 0cbd7c790480e8c978107bf06be1e7cf95c90048073d1a192ae604416149ab4c051fce11c4f5cc08b5efc48bc1bea950
SHA1 hash: 99cd23acf33bf12ebd8b949f0542dc0e9d061005
MD5 hash: 7f81fd2fde22eaee78a87f5fe22bac54
humanhash: bacon-queen-florida-river
File name:7f81fd2fde22eaee78a87f5fe22bac54.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-01 10:50:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 92af733ce1d172da56d62352655b54b1 (1 x GuLoader)
ssdeep 768:cwXucCDVYgFaOClRbDEW7zJPeMXFlCTavf2yzDAk5Jm8J:cw+/kOClRbrzzyTGA2P
Threatray 923 similar samples on MalwareBazaar
TLSH 9E732A1DFE188264F45945B165B5D062BB297C2294066E0FB2002E9EF872E87FCF572B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://qif.ac.ke/komi_yUyfmoyRdV90.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5527/
Detection(s):
Win.Dropper.NetWire-7993073-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-31 23:09:29 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vs64l3sm7wiqu3mu77xhsgs7mjrrxp2et3siqo65hltlobnwklxa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
00d1510ab154eb7e4b09ee4ac915fab0577c5b516fd99375b19eab8eaebac4ec
GuLoader
1403d5f33c1379c32f1cb03b1c72d317b81541532647386e7aef8ba51f4c18c6
GuLoader
32988d9efdef04149dafb7aad85acfc026b906452b1c6a11b5e8402157d20691
GuLoader
729c73ab057bc16133a582db643fc4654c806e76fa70d98dd82923b4f198c285
GuLoader
7522e963fbeadde98b1486f0d8d2d1a15011812b06d06f1a5bc21caee6876e71
GuLoader
7f833e247361f95f0686bed7fe55c6d9357837513e2edb0da3886ba850066d6c
GuLoader
bdfc8efb0dd8f8530002fca468d1234513bf740a9515269621a83f9af1128550
GuLoader
daa83b31dedd9baabaa012bf052e93e0b378fd00d7c8f8b18ddd8665e04aeb4b
GuLoader
e043182329e5bf20f99ee26ca7326b87945721cd48d6f6f6734230271bb0810b
GuLoader
f1f8f362f768269887febcea5bb11b4ece351b3c0b8be3682c6095fc9f3fcae4
GuLoader
+ 913 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-g76rr4ynhj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe acbdc5ee4cfd910a6d94ffee791a5f62631bbf449ee4883bdd3ae6b705b652ee

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365819/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5527/

Comments