MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ccf8d12701f350ccb107f9a25763fa892c879109edf54a0d3811f4562dcff85f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ccf8d12701f350ccb107f9a25763fa892c879109edf54a0d3811f4562dcff85f
SHA3-384 hash: 1d9f617be6552632189e25f7cd6908775228a7cffe792b7166250051c1f0eb2a30d14ec103e04ab8e27b8fc24fa33b8b
SHA1 hash: fc6d2d2762cdb1ea3e694a103b9960ddbc29b477
MD5 hash: e678b289eb4ad14767434c3b8940a796
humanhash: paris-oxygen-juliet-solar
File name:Bidding stage project.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:106'496 bytes
First seen:2020-05-07 12:30:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b7f1cdd0640009af8ddfb563a5e6e32f (1 x GuLoader)
ssdeep 1536:5NbQIgabH7Blae9MLSSgBvUUOmxJ//G7VY:5mH7g1UlmbG7u
Threatray 222 similar samples on MalwareBazaar
TLSH 29A3B8986AF1ED17D9BBB9B1DB51F6DEC3456C322431160365C0320B4F718829FA1B6E
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 12:36:36 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 48 (50.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zt4ncjyb6nimzmih7grfoy72rewipeij5x2uudjych2fmlop7bpq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0fefdfbc442c4667670b1b9001f1b586dbf7d7eeb13bcaf21af53984d5ad14a6
GuLoader
280fedf6fd7e0964222ac9b21bcc289c222c7ea91d7bad6350741bdf8c1f0938
GuLoader
42bb5eae534eb2cea979c300b797a65febf291b28aea0b9d8bbea7d0a41bffa2
GuLoader
a51d5fe8c5f9ea9c4af866b7b6669845433934e4b4528995a3ac1702e7002c0e
GuLoader
a81932797aa7e6324dc3390718163035c75620e6a0fa29c146c13c33b654a283
GuLoader
a97b7b2353dc9012b6cb914f6665d0e93f557859411d2e08b942316c09d7b07f
GuLoader
acdbf9fccd6e9fef6459322fb9ea0b1767815413a9a9d91407b87c7834ae77a0
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c8b452572f409a7d0752734334371c900983c8e15cbf8299bda7fe7a33a1047e
GuLoader
df2524f89b7247e931a13644d2c00bbc94095eb8e4755a9db2421bd46f365f7c
GuLoader
+ 212 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ehl7v3b476/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

c3c7b949ca748d05c6304d33dcb83a57d72f143edf460000f332b4ccfb9d3c43

GuLoader

Executable exe ccf8d12701f350ccb107f9a25763fa892c879109edf54a0d3811f4562dcff85f

(this sample)

  
Dropped by
MD5 8795bf05a7faec5d62d117ecc7c7ca7d
  
Dropped by
SHA256 c3c7b949ca748d05c6304d33dcb83a57d72f143edf460000f332b4ccfb9d3c43
  
Delivery method
Distributed via e-mail attachment

Comments