MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfa0df21f2c8983588332f6ddca6206583188be49d3b8071e71d36ad8fd0b2c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: bfa0df21f2c8983588332f6ddca6206583188be49d3b8071e71d36ad8fd0b2c6
SHA3-384 hash: ba5551b2eef2ca09837d650b8e00f3f6e3d425742af76799860a02f5465cbfd4b37e02dccfb76cc4756431a10b272940
SHA1 hash: f35c03fd3cc4373286242121924de4ac655b4002
MD5 hash: 9bd061ab8d28e303ab0216c35a18af8a
humanhash: lamp-single-oklahoma-florida
File name: 9bd061ab8d28e303ab0216c35a18af8a.exe
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-05-21 08:57:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 627bac97d78fad77f1bfa14e5c0ce7a8 (1 x GuLoader)
ssdeep: 768:+LK3hnuAF0B0Ll2u1fY2tJ9+hxMsBzYeZRGvSXPf6Rmvaj43NoFKdhD:CKxns+l2u22tJg5BEeZK4V
Threatray: 216 similar samples on MalwareBazaar
TLSH: D4931A02F0949576E34146B0AB388BFC12EBED7116615A5736C67AAD1B37A06733323F
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
GuLoader payload URL:
http://learnteachweb.ru/ikt/filter/algebra/tests/test/f_UXWITPu142.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 07:52:52 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: GuLoader
Sample: Executable exe bfa0df21f2c8983588332f6ddca6206583188be49d3b8071e71d36ad8fd0b2c6 (this sample)