MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0869824ebfbb0b6829df05fe8b1f8663c13fee3f4a1c3bfed27afebdcf2a065. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c0869824ebfbb0b6829df05fe8b1f8663c13fee3f4a1c3bfed27afebdcf2a065
SHA3-384 hash: 3cad60663175029f313515744aeead87691255be638ae439c43e19163eea7ee2ab6e6a0fc6be6b66ce26a69a704e19f7
SHA1 hash: 4527a17c7cfdf2d2647dc3592b5eefd4dc5662d6
MD5 hash: 18c3ea8200db4c4188c61994fd6b63b1
humanhash: vermont-lemon-bulldog-ink
File name:18c3ea8200db4c4188c61994fd6b63b1.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:33:07 UTC
Last seen:2020-05-21 11:14:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3f94471dcd73e6b4be8283d8953c7808 (1 x GuLoader)
ssdeep 768:QLl+6d6sNZw0lkDroC0cKNKnzAcbaiKS6G1OT867tqNmJu:alN6sNZL6JKNMzAcbaiKS6c7mI
Threatray 75 similar samples on MalwareBazaar
TLSH C7A34B14F058DC60DD9886FD5EA64AA8516FBD350DB1CB0BB8CA375F2EF6680E920347
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1ChQl_G_-UnOcfhJt19CSZTBpX6baZ6Mr

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.13065.19280.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 08:13:23 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ycdjqjhl7oylnau56bp6rmpymy6bh7xd6sq4hp7ne6x6xxhsubsq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d452b5f3e5d2b6623d0ca35793dfc051e1bf8b237e360906ed055e819235604
GuLoader
3304692b98947be42789e37a03aa03804b66df6235cc20d8611d7aa42c27c7aa
GuLoader
563ee97396c60bb7d587d98e95d68109cfe9b0a924860bee678e1e4da196bb64
GuLoader
6f5ca9214523f976657c931ecf4e51a27e673a865d99b3fe99367facb5a16c13
GuLoader
b624f2628a187644b398db22269d178207461ea7180bc442b3623a0ec67d35f2
GuLoader
ce13b6969219a3acc2cd23208f987f4a2f6779b6bd34bfc22c6f35946cf2fad7
GuLoader
d28f7e29c76ea32e8a690122a4d729408136d83a70ac491231b7458c740c86a5
GuLoader
d8dbe0a74ff4d70f5633f8177f37c14cd1586d7a658ecf72d05f59261e8ad016
GuLoader
e0a34b9c420ddd930b3f89c13c3f564907dd948e88f668a0fe55ce506220bd73
GuLoader
ef0e8df5c700e64d5d2e8dde4c9b5c117abfc919c676ff383019c585e8e367b0
GuLoader
+ 65 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-eq5x9zn6xx/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe c0869824ebfbb0b6829df05fe8b1f8663c13fee3f4a1c3bfed27afebdcf2a065

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366049/
  
URLhaus
https://urlhaus.abuse.ch/url/365954/
  
Delivery method
Distributed via web download

Comments