MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfe54696ad7c10bc44e524a6d292f94a951bd29aa1f4dbee29b6ae56eaf9fa51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: dfe54696ad7c10bc44e524a6d292f94a951bd29aa1f4dbee29b6ae56eaf9fa51
SHA3-384 hash: 714a085cae56f4a7e080d09f53812e82945271071f5b4801869fe003bdf5238b46bc501b65fa9b74ac11869682dbd054
SHA1 hash: b005d987efe771c6994b78136ad39aa95ef8777e
MD5 hash: bff9f7d8fdc95cc95c50ad9610e873dc
humanhash: nebraska-spaghetti-oranges-three
File name: bff9f7d8fdc95cc95c50ad9610e873dc.exe
Signature: GuLoader
File size: 81'920 bytes
First seen: 2020-05-03 07:11:23 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 44672bee2a55a754221ec0935590ad00 (1 x GuLoader)
ssdeep: 768:0hpLQx1jKogioCYhhV+HH1eFWshOAkGwcFOuwv1IfwCr0fz+B:EQx12hCYhh+HkOAvw9uC1If5r0fzk
Threatray: 701 similar samples on MalwareBazaar
TLSH: FE833B06FD40ED72DC618AF44926D2B860AFBC301A5489077ADD7B3F0A37B59A5B0717
Reporter: abuse_ch
Tags: AveMariaRAT exe GuLoader RAT


abuse_ch
GuLoader pushing AveMariaRAT

AveMariaRAT payload URL:
https://mail-cloud.ngrok.io/bin/pounds-hopto_ngcXGkDrVs1.bin

AveMariaRAT C2:
pounds.hopto.org:9115 (155.94.198.169)

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-03 07:35:29 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    Executable exe dfe54696ad7c10bc44e524a6d292f94a951bd29aa1f4dbee29b6ae56eaf9fa51 (this sample)

Delivery method: Distributed via e-mail attachment
