MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbd622c8e7c139a30ded3fdcaabf419b449910a084f80e8dc643567c4fca7919. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: fbd622c8e7c139a30ded3fdcaabf419b449910a084f80e8dc643567c4fca7919
SHA3-384 hash: 51a0bf278bfa4375588ab35fbce0837c17e4e2e79afbb9d1ecc541844c1c8fa40678ae3f5910ab024b9e96ca57fbb924
SHA1 hash: a51ca1ad43316b9a6849d0297bb2f8617170bd94
MD5 hash: 5fcd010b86336f99d9df0e2ce8fc46af
humanhash: lithium-social-montana-florida
File name: Forsor.exe
Signature: GuLoader
File size: 167'936 bytes
First seen: 2020-05-19 10:00:40 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 21e4f6b481a228685fb0b8f9047e33c1 (1 x GuLoader)
ssdeep: 1536:QmLqFWqBCiy0TroZsCGHHav5byAMfUZQI1It594iVr80vORJ/AM+b8K7F:QmLQTCiyfnt5b3MfNx5iiVOfGR
Threatray: 5'112 similar samples on MalwareBazaar
TLSH: C1F36A22F2D5EA06C4204ABE8E9696F550652E764A51C90BB1C43F0F79F280BE7F1377
Reporter: JoulK
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-18 19:45:48 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 22 of 30 (73.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments