MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbd8d503832b7b2b22c6892fc0d3047b022c67c81cc1226a89f33f9ac38795dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 5



SHA256 hash: bbd8d503832b7b2b22c6892fc0d3047b022c67c81cc1226a89f33f9ac38795dc
SHA3-384 hash: da68a6580d04b0c466268ac309fbbbca07838803ba3fc67b2566d3df137902d09caa4015c540a95ab9d6786e8ed676bd
SHA1 hash: 974aa43cbf9ca42770376cf20ce159c7513eee4c
MD5 hash: 4f584b9eb23297c35ea2497308e1610d
humanhash: fourteen-cup-berlin-spring
File name: Diplomat.exe
Signature: GuLoader
File size: 77'824 bytes
First seen: 2020-05-11 19:24:32 UTC
Last seen: 2020-05-11 19:49:52 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 83f14cdcf02c2a3cd0dc7f39b4f125be (1 x GuLoader)
ssdeep: 768:txgVjCaCwQgiOvfAoBH8cToj4gzR8LuGMcv:nGjCXohYoBBToj4eZ0
Threatray: 221 similar samples on MalwareBazaar
TLSH: C8734A27F594C475E552DAF30F63C7A84A99BE711808CA03B3893B3D1934B44F9A52FA
Reporter: sysopfb1
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 93
Origin country: n/a

Vendor Threat Intelligence

Result
Threat name: GuLoader
Detection: malicious
Classification: rans.troj.evad
Score: 92 / 100
Behaviour
Behavior Graph: n/a

Gathering data

Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-29 15:15:32 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 22 of 30 (73.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.