MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca29da046b516565cd41c9bb5d9ba29f8a8f9f7fc5d64a42a46b276c55874074. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ca29da046b516565cd41c9bb5d9ba29f8a8f9f7fc5d64a42a46b276c55874074
SHA3-384 hash: d0e2ab0379c8460c64cd9a0136a419f1afdec61d0cd768f240f28b3299729ec2c1820e1014f5c59dad9d23c80baafba8
SHA1 hash: 1ee85a38498cb30673580c146f1b291e9ebaa4b9
MD5 hash: c56507a4a07721a5f9905a9ce6fbc007
humanhash: april-angel-zebra-illinois
File name:c56507a4a07721a5f9905a9ce6fbc007.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-01 10:50:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 65bf334a24d3de63d0eb85cfa70aec84 (1 x GuLoader)
ssdeep 768:iMXuL/P6KZUf8NvcEYPPgHbWFf7yPuh/IFlSTavf26RUYVwg/C:iM+LnDUfbDDV/LTGUYWg/C
Threatray 911 similar samples on MalwareBazaar
TLSH 69732A19FE284164F4154AF69595D092FA2DBC3214065E0FB2003DBAA876E87FDF232F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://156.96.118.179/AWELE-RAW_GTWfCx233.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Azorult
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5526/
Detection(s):
Win.Dropper.NetWire-7993073-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 07:30:48 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ziu5ubdlkfswltkbzg5v3g5ct6fi7h37yxleuqvenmtwyvmhib2a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
05a1356768e4475daeebaae76e486705d2d920e7e4d511c1436ea3f9a650c1df
GuLoader
4af9eb9a627fd64924f12a6a972423e8c5a553108be81d0ee259ff4de7d638b2
GuLoader
73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888
GuLoader
748970d868ca12ef96a98cad33b9f3c7bf7ab20ce2e595d4fdaab152e50b29c8
GuLoader
7522e963fbeadde98b1486f0d8d2d1a15011812b06d06f1a5bc21caee6876e71
GuLoader
8507e59e99aeecfdf0c8da8742848a0773c3493d038caef65a04bbe6969dffb7
GuLoader
cabdb16b578bbd7855d7d244a8bb49dd9542232804e22a809ff1b1805f35e976
GuLoader
d99947df7b80d4cf1f998cd4c205df67be0afc6ab0d9b4d92988b1aeccc1bf0c
GuLoader
f1f8f362f768269887febcea5bb11b4ece351b3c0b8be3682c6095fc9f3fcae4
GuLoader
faac07736e1c735a2b4028b9a77bcf0897944e3ce16977c61b6af1b45592d6b0
GuLoader
+ 901 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4rr3sp611n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe ca29da046b516565cd41c9bb5d9ba29f8a8f9f7fc5d64a42a46b276c55874074

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369174/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5526/

Comments