MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc8ef4be7deaea9ac5cb75ba74d1d5718a665e96d44983ba1f0d0ed4c9d33cc8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: cc8ef4be7deaea9ac5cb75ba74d1d5718a665e96d44983ba1f0d0ed4c9d33cc8
SHA3-384 hash: ba40648099633ab0950927d293f8e0d117e797d7a1363b0d58a473a9e653c04cfec1acd4c407eb5d5f72eb45a1d7f9f1
SHA1 hash: 3955b24d68c02d5ca5380772b5b5d22572f7d7e7
MD5 hash: 63f57600d1a00eb45a5937a47e364b79
humanhash: violet-saturn-magnesium-chicken
File name: hotdo.exe
Signature: GuLoader
File size: 192'512 bytes
First seen: 2020-05-19 09:51:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5b013a9af1d5dab20bf002de768c2e0a (1 x GuLoader)
ssdeep: 3072:0fUMFHFDGCsCq2FuqGj9xR/5HXfRUkpNO:0fUMFFDBSJxRhHZpp
Threatray: 81 similar samples on MalwareBazaar
TLSH: 8F142915F990A43BCAF98AFD5FE19AB890DA5CB66A01D703B6407F2F31F1885F064532
Reporter: JoulK
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-19 10:35:48 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 29 of 48 (60.42%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments