MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c360eb0ad06680e9de7f26e19b25c52f6f8886da5042fb4bbe906d5e94b8cd98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: c360eb0ad06680e9de7f26e19b25c52f6f8886da5042fb4bbe906d5e94b8cd98
SHA3-384 hash: 822247fbb379aa464fc1e5c28f797d2f8d1ae61475ed25ea813998b466259378038667e9837cd17fbd8686f890a308be
SHA1 hash: 848686883e362277a0da73f3917c17c49758d0f9
MD5 hash: 6cb37078ddac8653b0c98412ceb6c9f9
humanhash: nitrogen-delta-bluebird-indigo
File name: SecuriteInfo.com.Trojan.Siggen9.45600.8893.9913
Signature: GuLoader
File size: 106'496 bytes
First seen: 2020-05-13 14:51:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1af9894131fd7df4e026a2daea85bf84 (1 x GuLoader)
ssdeep: 768:pZHWXAUJGOvE/pvSx7lcDCIQlMt9w6ewTvwq7luVSvWL1kLVawJUDD0hPOs:poN1vskx7lcuIQCM6NvwqBG1kMBzs
Threatray: 239 similar samples on MalwareBazaar
TLSH: 9FA3A75163A8FE27C9698EF20712AAE101F81C75A85167137BC77AEF153AC36E270317
Reporter: SecuriteInfoCom
Tags: GuLoader

Intelligence


File Origin

# of uploads: 1
# of downloads: 86
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-11 00:51:50 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 31 (74.19%)
Threat level: 5/5

Result

Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour

Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: GuLoader
File type: Executable exe
SHA256 hash: c360eb0ad06680e9de7f26e19b25c52f6f8886da5042fb4bbe906d5e94b8cd98 (this sample)

Comments