MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 051101f45d03dac4583297cce0d708af562dedfa085b3d9dcfea40be2083e7ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 051101f45d03dac4583297cce0d708af562dedfa085b3d9dcfea40be2083e7ab
SHA3-384 hash: b523ed3285be1dc93f4169299073db2289aa4f99a6108f9f611f470713529f9d4718795f716c267cc089b2f726a3cf5a
SHA1 hash: e3942391767987573eb45f0bda3739adca9ca227
MD5 hash: dcba7ff8e6603dcd0c2c42a98624d5eb
humanhash: october-october-november-don
File name:088021ord_ # PO.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:196'608 bytes
First seen:2020-04-22 11:21:35 UTC
Last seen:2020-04-22 12:01:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 00a2792434f4318e2e0b35fdc134c9af (1 x GuLoader)
ssdeep 1536:HnOkIMw8F0z7M7ax59R8fNHnO6O8qC+/eYSVlArHkx0jetl+Hxb/Zi7lslg:HnOkrwZzR/+fpZtqLgltRzygBh
Threatray 695 similar samples on MalwareBazaar
TLSH 2D141A40BE34E472D22402702EDACB7ED3A83DE1C9E8895F2150B76FEE721D559A117E
Reporter abuse_ch
Tags:COVID-19 exe GuLoader


Avatar
abuse_ch
COVID-19 themed malspam distributing GuLoader:

HELO: kctcintl.co.kr
Sending IP: 103.89.89.197
From: ''Sunyoung Song''<accounts@kctcintl.co.kr>
Subject: RE: (COVID-19) CI OF NEW ORDER---3013670
Attachment: Attachments.zip->088021ord_ # PO.zip->088021ord_ # PO.exe

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1wsQj0jlPPNRr9E4MJgsHcL4X4jRA1RKY

Intelligence

File Origin
# of uploads :
2
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.47806.28665.26661.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 08:50:11 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=auiqd5c5apnmiwbss7gobvyiv5lc33p2bbnt3hop5jal4ied46vq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1cd0666b758f28d4d3a402dc10f1b185f5a1fbbe7f74cfceea475e72a5bbecb0
GuLoader
473f6c38f3047708289a930f291a474052b160a9090bc6c2844f53b6226805ad
GuLoader
4cd26d79cdab1d9f934cdee769ab7f1803735a120d95afb470a2466a088c4d5c
GuLoader
712b5489228115a95c7718684ee0c1f80a352da3872fbfcbf74000c5306ba664
GuLoader
abb556afbfe3d5af87a2eea4a20e036896db78bfc4b30b7fa8cba8db866d364f
GuLoader
b65a42512465c82d804bdb56b5e1e633afa4571a20dc68d311ecad4a8fc3654d
GuLoader
c37ae1ed1bf166c96faa73db4544f415c2b81f0a42ccd5311e0aabc0b9e4f455
GuLoader
c410f181985c48a013609ed25c046f7e87782ee807e2b8bd0199788a461eec90
GuLoader
df34eee3a23ae66bb689bc1911e417cdaa7b51c353dc586bdb3280f86df09b55
GuLoader
f5b55fe9b33435e6a2053e16b843b5e89f3f4f3c8dfaf778386f2896b5ec4b7d
GuLoader
+ 685 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 8d5c4ae3a918830c4851dde122ad9e36f5370802c4817b9a6fed2a993ddf5c93

GuLoader

zip 0a11cb7af63cdcf08aaccc93606e0233c969aba3121c2f2cd2e41444924b9cce

GuLoader

Executable exe 051101f45d03dac4583297cce0d708af562dedfa085b3d9dcfea40be2083e7ab

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/348125/
  
Dropped by
MD5 9e0c9bf230280f50b6935cf06ec8e7d9
  
Dropped by
SHA256 0a11cb7af63cdcf08aaccc93606e0233c969aba3121c2f2cd2e41444924b9cce
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments