MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1ffff1b0912fbb00db8b8eb08b6c181a924a31cd806257604980be2d371092c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 4

SHA256 hash: c1ffff1b0912fbb00db8b8eb08b6c181a924a31cd806257604980be2d371092c
SHA3-384 hash: 339723a5de1ef921b9b6f0371473af6c54e3aadb41824f5a79b9c02c6220ede6110359083163cc50b94433ad3882e52c
SHA1 hash: 8ad9a3e352156f20fff45321fb5f3a8bf69d70ff
MD5 hash: 6d34c422768af726adb1e3eb333cc1e8
humanhash: mike-blue-salami-west
File name: 6d34c422768af726adb1e3eb333cc1e8.exe
Signature: GuLoader
File size: 131'072 bytes
First seen: 2020-06-04 15:51:18 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ac48f3351efec760b9d7b4285dae5df2 (1 x GuLoader)
ssdeep: 3072:A/fEcuDyntntmjHotk3PV55hkXuXl3zcuzJ:kscuDZjIS3PV6+zcm
Threatray: 1'476 similar samples on MalwareBazaar
TLSH: 30D36B032D69CB19D09559F17CA39C5E361B6A0C9E402ABF00D4AFFFAD70291ACD661F
Reporter: abuse_ch
Tags: exe GuLoader
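The hashes, size and MIME type listed above are the identifiers a responder uses to confirm that a file pulled from a quarantine or a proxy cache really is this entry. The script below is an added example, not part of MalwareBazaar's page or tooling: it computes every digest the entry lists in one pass over the bytes, compares each against the entry, and applies the cheapest check for the stated MIME type (a DOS/PE executable starts with the two bytes "MZ"). The hash values are copied from the entry; the sample bytes themselves are not on the page, so the test data below is constructed.

```python
import hashlib
import sys

# IOCs copied verbatim from the MalwareBazaar entry above.
EXPECTED = {
    "size": 131072,
    "md5": "6d34c422768af726adb1e3eb333cc1e8",
    "sha1": "8ad9a3e352156f20fff45321fb5f3a8bf69d70ff",
    "sha256": "c1ffff1b0912fbb00db8b8eb08b6c181a924a31cd806257604980be2d371092c",
    "sha3_384": "339723a5de1ef921b9b6f0371473af6c54e3aadb41824f5a79b9c02c6220ede6110359083163cc50b94433ad3882e52c",
}

# Every digest algorithm the entry reports; all are in hashlib's guaranteed set.
ALGOS = ("md5", "sha1", "sha256", "sha3_384")


def digests(data: bytes) -> dict:
    """Hex digests for every listed algorithm plus the byte length, from one pass over the data."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for h in hashers.values():
        h.update(data)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["size"] = len(data)
    return out


def is_dos_executable(data: bytes) -> bool:
    """Cheap check for the entry's MIME type (application/x-dosexec): MZ header."""
    return data[:2] == b"MZ"


def verify(data: bytes, expected: dict = EXPECTED) -> dict:
    """Compare each listed IOC with the value computed from data; returns {ioc: matched}."""
    got = digests(data)
    return {key: got[key] == value for key, value in expected.items()}


def is_listed_sample(data: bytes, expected: dict = EXPECTED) -> bool:
    """True only when every listed hash and the size agree with the entry."""
    return all(verify(data, expected).values())


if __name__ == "__main__":
    # Usage: python check_sample.py <path to the unpacked .exe>
    with open(sys.argv[1], "rb") as f:
        blob = f.read()
    for key, ok in verify(blob).items():
        print(f"{key:9s} {'match' if ok else 'MISMATCH'}")
    print("MZ header:", "present" if is_dos_executable(blob) else "absent")
    print("SAMPLE MATCHES ENTRY" if is_listed_sample(blob) else "not the listed sample")
```

A size or MZ mismatch with matching hashes is impossible, so the per-IOC output is mainly useful the other way round: a correct size and header with differing hashes usually means the file was re-packed or truncated on the way to you, which is exactly when the ssdeep and TLSH values in the entry become the more useful comparison.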


abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1oSNK0QKR0LMPewwczGpfWg_c5DgG8tex

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-06-04 16:23:33 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 2/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: hides the thread from an attached debugger)

Note that the vendor threat name (Fareit) does not match the MalwareBazaar signature (GuLoader), and the sandbox result assigns no family. GuLoader is a downloader (see the payload URL reported above), so a vendor label may describe the delivered payload or a generic heuristic rather than the loader itself; treat it as corroboration that the file is malicious, not as a family attribution.
Please note that MalwareBazaar is no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Web download
Signature: GuLoader
File: Executable exe c1ffff1b0912fbb00db8b8eb08b6c181a924a31cd806257604980be2d371092c (this sample)

Delivery method: Distributed via web download
