MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bff8ed6fb8d736ad790d7306d45715c9a3858a00a6b5be7251d3126020339e54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bff8ed6fb8d736ad790d7306d45715c9a3858a00a6b5be7251d3126020339e54
SHA3-384 hash: 170a77505ada51a0be66b430e9e2ab1b60c60757acf9663790a0d4007c4a2f989f2fa4a04133c6c911e0546cc7bfbac8
SHA1 hash: 051c4a1b53534f38af228027d556260669d980f4
MD5 hash: 61f953b640f27aaa6bf17371d6230d93
humanhash: delaware-hot-kitten-cold
File name:61f953b640f27aaa6bf17371d6230d93.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-05 13:41:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1ecae53a9d94447c27f716fa5ba2f229 (1 x GuLoader)
ssdeep 1536:zUWDrdLtwEGkJvt/G0U5i15HwDwvOB7pXaUwgEQzx3uA4c:zDrdh+kH/Gli16EgXa+Vo
Threatray 930 similar samples on MalwareBazaar
TLSH 0C838D137D1C9912D10942F42E13DDE91E26BD684D42AF4B6608BF8EFD716C368EE21E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://84.38.130.137/sammielarge_LjxSva105.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6704/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.50240.27477.18378.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 02:55:07 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=x74o235y243k26inomdnivyvzgrylcqau22344sr2mjgaibttzka._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
27d591d9f4f1c5c4f3f6ae8f975b1a0ed7d2ffb5277348e59cd32ef5c57e6168
GuLoader
3142e31329c54946869e2c0595bf23492f58f776ab9d6123bf20d10b6cba5602
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
743b0bd67e604e9e69acffcc8c7d56d8294de21c11c1a16cbeea94f82b6e5fa4
GuLoader
761e31eb72cc241c0b5bf6ae44cd9dcc41854f523127a6638ad332ff0b8dfb3a
GuLoader
7f950bc31a7a30c03b8e703b1f59673a787674452e9c258e8343f9504486a559
GuLoader
b1cce5c3801487b851b808c16590f54937f9c36d668b9fcc2146c3d2d2040d97
GuLoader
c3252ba30dcb997aba042c568bee0ccbca5a818248dae999161a5a26ef7f301f
GuLoader
e15e175581173bb19a26a05cb7cf4ca26ce681a1d328e84341267a24be882f65
GuLoader
ea12fb909266d6a6f7315c8ffe0fcedb6b63ba660cd91e7c2ac4e6db14596171
GuLoader
+ 920 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-r1brflnaa2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe bff8ed6fb8d736ad790d7306d45715c9a3858a00a6b5be7251d3126020339e54

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6704/

Comments