MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e65a5fdf0fa896a90f1b817b341b982cc0ba0ade72ca3542234da82fddcc3143. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e65a5fdf0fa896a90f1b817b341b982cc0ba0ade72ca3542234da82fddcc3143
SHA3-384 hash: c41ad995421897d126dca1a82bcd46c82dc98d0ef8d73543545d749758cb5fb1c9f0aaff1b4face4c2840276ce9d3e9d
SHA1 hash: 6eb5a2f376f47d0b808f88fafa33852f7cce140c
MD5 hash: 6f56aa0aef9c435999a0f4e2926e3ec2
humanhash: one-lake-idaho-mike
File name:6f56aa0aef9c435999a0f4e2926e3ec2.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-21 19:27:22 UTC
Last seen:2020-05-21 20:45:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8a4b635fc7bef8ca71ca503c634d1712 (1 x GuLoader)
ssdeep 1536:V04dplw6pOCwmre094JIvDUr1FDVYKovC9tcktFCQnE+zNGtPUdhh:i4S6Hwme0yODUHDVuEtDtFDEQkc1
Threatray 600 similar samples on MalwareBazaar
TLSH 5DB3095073D0F812D9B84DF22A62478452AFBC3E6C02671B2BC5B61F5A77D80E7127A3
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=19ggDtGOiT0ty74lBLr6Bl3eXO__fcdxd

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareitvb
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 22:09:26 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0557646805d712ca2f91d47d8cb95a292b611886903e6824f3948182228ef750
GuLoader
0eecb6cf7b7bdd0f9b278d0b6341764ac7145e443fd0fe37dcbb222fe088609b
GuLoader
14ae7654cdca531998549d66f162a7d82ddf752289c6f599f3d2e8b7d5b918b4
GuLoader
5014b473901c1517c80fa4229172b855af67b2f20f2e7e61bee8d21a9bb94478
GuLoader
5ecd51e9131fb350b5fe5b90e4e4ebd71a28a55ca867399f231995e25097da58
GuLoader
7556ace3bd8a035ca289145f068029f6137fe41f935b32fd1d0b046d1f2e05ab
GuLoader
7628bdfdefa90c3dde24286daa4292bd93f6a95b9c95ed0e64df8e7df9a13289
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
cdc410fc7ec76c6fec7439539c0c459a71ea6ccc0f8c434a278ceb20705488f2
GuLoader
d144278763b938fcfdd840307f1e69f58461919b72c5c87a1c9738e76285f423
GuLoader
+ 590 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-3skpkn61ca/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
URLhaus
https://urlhaus.abuse.ch/url/366310/

Comments