MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6da2d04d96152fd010853b3fd0f67ef92af20e81b47a9395617050f11f53b9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5



SHA256 hash: b6da2d04d96152fd010853b3fd0f67ef92af20e81b47a9395617050f11f53b9a
SHA3-384 hash: 30febf23bcb473ebfaf9c2e805b26c5cdeefe004c33c45dcc7df3f61dbc82f0c19eb5e377748c27482a96aa56d6f47c6
SHA1 hash: 4aa47d1d82a3875cc2533cbffa36453da2bcc55c
MD5 hash: 0d40871e7e3dfba5792089f327080b7e
humanhash: gee-moon-echo-autumn
File name: 0d40871e7e3dfba5792089f327080b7e.exe
Signature: GuLoader
File size: 114'688 bytes
First seen: 2020-06-04 06:03:23 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 86f51ce2dc9a44d8ac55d6d0f6ce03db (1 x GuLoader)
ssdeep: 1536:oTbSPfxV40myrckgrKHxLdGKc+o0FDHdZ1gIlMS6sRLBfzkMeiEQZpmM:lPX1eKVdhjFD9zywlsgZ
Threatray: 866 similar samples on MalwareBazaar
TLSH: F5B37C03ED498653D1548BFD3D678D793A2DA91C09016FEF70759E9BAD312822CAB20F
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
GuLoader payload URL:
http://45.143.222.30/MEKINO%202020%20NEW_gbaSkZMcG6.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-03 21:24:21 UTC
AV detection: 18 of 31 (58.06%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: persistence

Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Malware family: GuLoader
Sample: Executable exe b6da2d04d96152fd010853b3fd0f67ef92af20e81b47a9395617050f11f53b9a (this sample)

Delivery method: Distributed via web download
