MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2ad4bb1d6523d5541609a20280c7858ee9dbf33a206146082de81826efc8927. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b2ad4bb1d6523d5541609a20280c7858ee9dbf33a206146082de81826efc8927
SHA3-384 hash: 0f1a5adc4f9304d83e448719b1e2be4388ccf0bfd01edb0426772f6d8b73dac70820a03c644e37281c0c0a9e089225ce
SHA1 hash: 1de8cec38ea4812535cec271f856efd400fb3394
MD5 hash: 7e55136833945e983ff36a419f5edc24
humanhash: arkansas-november-dakota-india
File name:7e55136833945e983ff36a419f5edc24.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:03:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 42e0c36f180a8efe83bd831037dd89ed (1 x GuLoader)
ssdeep 1536:aSPfxV40N+JKGxqhSxyAKOykgrKHxLdGKc+o0FDHdZ1gITg8o+3VQ10wbJSj:LPXN+JKjoSO8KVdhjFD9zJ6K9j
Threatray 1'399 similar samples on MalwareBazaar
TLSH 88B38C03EE5C8523C1988FF92D135D797A1CA41A1D401BEFB1767EAEAD316422D9F20E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://thugesh.cf/cgi/KWA80.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6468/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 00:55:02 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wkwuxmowki6vkqlatiqcqddyldxj3pztuidbiyec32aye3x4retq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0e7ec69a6222b2753c0167997838b380acfd47834a6d1e7dd2475fd4fe07d63c
GuLoader
13393c26e42a0d09bbd796f3f9b5109dc0d2e7ff7bd7f4aac0aa0c879c5c123c
GuLoader
a4f594a78d5df595fe969cd0643707f5ca04aa10a7ef29f5617e3aa1e8db6d5f
GuLoader
a570592bf5a21c1f55712fcec60a0536fedabe28b409d9a48fdc499185e154ff
GuLoader
bb19d9c9c18233bf65768ed3534766ae87ada589f6223d015c47d5e4c2523d64
GuLoader
cf6542bb87d706ab7d6fd3f7fa0a2594d3b0ed8a9d15b481252d0c405ecd36ef
GuLoader
d7162b14867eff2ee6b1c0506f91c4e8c1a1cea0ddae632bd49156a179549772
GuLoader
dbfdd9906827edada6d6bb63194a7b952f6e5f7592f59f2a9b7ff0dbe9dd01c0
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
e8f205cb55b6e064b6252572493b15776b339d9118f182d220731077629e8bbf
GuLoader
+ 1'389 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-kb3sqletvs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe b2ad4bb1d6523d5541609a20280c7858ee9dbf33a206146082de81826efc8927

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378967/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6468/

Comments