MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cbba3a76832ca533bccd400adcceb5e7f9f06098f2bd2c476951964edd552d5c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cbba3a76832ca533bccd400adcceb5e7f9f06098f2bd2c476951964edd552d5c
SHA3-384 hash: b62214199a5efb73f4eac69def6e500773a672650650e8fa06bbb1a7b7883a5e1d5fd6e320bb8f68916a249e860143cb
SHA1 hash: cf170bc942592085896f83c8b1df7db24e9fca32
MD5 hash: 395f0d194054d8b0d9bd9a5ac8ce24df
humanhash: alpha-lithium-stream-bluebird
File name:SecuriteInfo.com.Heur.PonyStealer.gm0@oC1ai0mi.15237.13689
Download: download sample
Signature GuLoader
Create hunting rule
File size:106'496 bytes
First seen:2020-05-07 13:28:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 04cd93ccba6834c4ec8fa5f6efd73403 (1 x GuLoader)
ssdeep 1536:Z+zx0oJybP/nL+4Kalae9MLSSwQFP7J1PaZiQ:gJg/iJ7/FP7XM
Threatray 120 similar samples on MalwareBazaar
TLSH AFA3DA18AAE5DC16D9BBB9B2D745F6DEC3985C322431560325C0321B4F71C42AFA1B7E
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

SecuriteInfo.com.Heur.PonyStealer.gm0@oC1ai0mi.15237.13689.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 11:22:29 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1ffe8a0c22c433b676f40639e236a1c7cc58656be5150f1bd4dc7f24d807c761
GuLoader
60b28ad78be40bbc9d08b91b21c5d4e07c6952f5be5e32eacee6d055e0279b12
GuLoader
65bb15f0e438e2c4334b1c3a83cbcb465cee8173a93dcb3ec4cb8e2237b57707
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b4f463437e9cc07319a75e55ebd84f4af81821747911be7c6a49ee1395541bfb
GuLoader
c72abb73f39b466cd8b230c1fd9d6c1bf46573db11038eaa407d47976eb317eb
GuLoader
ccf8d12701f350ccb107f9a25763fa892c879109edf54a0d3811f4562dcff85f
GuLoader
cfbd66845ba87ca332833515563aaf417025692ad4f341567b7bd11a509c06d9
GuLoader
d706cbce022e0dc6fe2aaf90f976383d10132c6ed8f5fc27b65e1364fdadf0f9
GuLoader
fa3b184df1f3b9ed637a7f8f9c557dca6871c7f150badb172947809bddf1c6d0
GuLoader
+ 110 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-qy1amc1x46/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe cbba3a76832ca533bccd400adcceb5e7f9f06098f2bd2c476951964edd552d5c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/359355/
  
Delivery method
Distributed via web download

Comments