MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f13e6a63744c56a4815ebc9421b869c5a30a539a4053a6bf057f98cf79c06ed5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f13e6a63744c56a4815ebc9421b869c5a30a539a4053a6bf057f98cf79c06ed5
SHA3-384 hash: b4077da1d199e3088240d2aae13473b94e8e2f4dd9748f94b06129b32b6dd399d92514cf0ba49c024829070dc2656dc1
SHA1 hash: dd888e59e88a7f201a0875f53505ca08f9be8eb9
MD5 hash: af0d2154949b4de84f1bac61ed4d8a56
humanhash: aspen-seven-jig-dakota
File name:af0d2154949b4de84f1bac61ed4d8a56.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:61'440 bytes
First seen:2020-05-31 22:28:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dee8c782a133a9b862c30d5fb1d39975 (1 x GuLoader)
ssdeep 768:ZHdXudQiyYo4cUEaant4eFwia4MCvJ8uhFSFS+4IDSBJSSiFzrTo47i:Z9+vyYCUxeCCvJfFSSIDSHSS6fT
Threatray 657 similar samples on MalwareBazaar
TLSH F1536D27BD0D9012E21ACAF195B1E5B17B26BC5515026F0B3644AFAAEC316C37DF132E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=17Irk7CsOVf6UyFatXo90zofxIfHB9ERn

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5497/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-31 22:35:24 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6e7guy3ujrlkjak6xskcdodjywrquu42ibj2npyfp6mm66oan3kq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
5c1fd78532bdfda40cd3c1a1e953307e979f71435272165b1104fee6d842d91e
GuLoader
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
GuLoader
929ebb7e7982c89438ccbb2f9b78ed4db55ebecbddbcd2840dbaa40dad8cd4d7
GuLoader
96ffe97ffd555e8f1329ba24b40cba5320d5bc1ef51fb0155b9dea55bf842487
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b1870a333468762962079f0f81ecd22f7e40e53c504dd031e999761f267bc347
GuLoader
c1ccf8689de88be32890345e454df2f1fa90e1e4033c0f63425001af42f7aef5
GuLoader
d29fa6e0fa83a4332afc39315b3961e609bddc91c1b60590c82b009d20cd9f3a
GuLoader
d725785ec3970b75ecb17a7e5ac14d93ce7a54d259dffc74e8222ed8cfb8b6b3
GuLoader
dc352fba70b027e2bfd420907be5443af811848df52a16a4845b2caac3ad8d2c
GuLoader
+ 647 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-a2r1rztp96/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe f13e6a63744c56a4815ebc9421b869c5a30a539a4053a6bf057f98cf79c06ed5

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5497/

Comments