MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bdfc8efb0dd8f8530002fca468d1234513bf740a9515269621a83f9af1128550. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bdfc8efb0dd8f8530002fca468d1234513bf740a9515269621a83f9af1128550
SHA3-384 hash: e809be3ec373d700439a6e5a9e4614f28bb774f255e40cdc33fce1cad0fcf1b1b484a1f8f561e5b459552cd601bc488f
SHA1 hash: 19765db62305e4a46c69461126995d62beebed5a
MD5 hash: 15c0c83609c97e7d916a6cb00ebef3ea
humanhash: florida-maryland-twelve-bravo
File name:15c0c83609c97e7d916a6cb00ebef3ea.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-01 10:50:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 879ae4e57774e94f73861e61e61b033a (1 x GuLoader)
ssdeep 768:WYXum5kr6EsoA37CTSbQ+JPFlCTavfESoyqS45EH:WY+m5g1s7sL+ATLdRC
Threatray 1'275 similar samples on MalwareBazaar
TLSH 5173292AFE489164F85945B55999D053B72A7C325402AF0F72443E9AF832E83BCF473B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://hosseinsoltani.ir/jjjdjd/gozmanss_PzTemFE244.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5528/
Detection(s):
Win.Dropper.NetWire-7993073-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 00:33:07 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xx6i56yn3d4fgaac7ssgrujdiuj365aksuksnfrbva7zv4isqvia._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
05a1356768e4475daeebaae76e486705d2d920e7e4d511c1436ea3f9a650c1df
GuLoader
1403d5f33c1379c32f1cb03b1c72d317b81541532647386e7aef8ba51f4c18c6
GuLoader
32988d9efdef04149dafb7aad85acfc026b906452b1c6a11b5e8402157d20691
GuLoader
57bb966172a1d6bc994a682ef5da9b8b8fdabef539f44024c7e9368e6416d457
GuLoader
6d043b33b33e6baaf7514b9ca56f8dbd8aa57bc71a9040bf438bc780c1a4ad5f
GuLoader
73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888
GuLoader
748970d868ca12ef96a98cad33b9f3c7bf7ab20ce2e595d4fdaab152e50b29c8
GuLoader
8db887fade310b044bf413542735e42ea639ba015a1442c1efaac57f6c37628b
GuLoader
aa7170f4c174314d883e1d0a98a14b8256ab63b7ad80dffd45d0ace33ace4580
GuLoader
c1ccf8689de88be32890345e454df2f1fa90e1e4033c0f63425001af42f7aef5
GuLoader
+ 1'265 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hgzrpeq8ve/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe bdfc8efb0dd8f8530002fca468d1234513bf740a9515269621a83f9af1128550

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/373168/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5528/

Comments