MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05a9144ade44bd10b23259cbf3df3f0faf127b1ecd5aeb73cf82c4d87cccb402. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 05a9144ade44bd10b23259cbf3df3f0faf127b1ecd5aeb73cf82c4d87cccb402
SHA3-384 hash: dfc4935b6ef4687908b3e5118bac259c2b348331e87d51f1522df0537dc3fd8f35b9feaf83b691e6776b792668306dd7
SHA1 hash: c2711d84834747e24c187a25b757df44cd17fa66
MD5 hash: b2e51ac56c69049a08ae6a3b1ae5aaa6
humanhash: sierra-autumn-sweet-grey
File name:Shipping advice.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 07:32:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 814d0c259b8868a13db55c6acc6bc674 (1 x GuLoader)
ssdeep 768:V6FOJTtEDKXu72hp0+8jLPZK6amuRUNBLI6pza7RTshYj/+/ncVLBgO264dmqR:sFU+Km2LCPJj0keWCz+kVLB92VTR
Threatray 437 similar samples on MalwareBazaar
TLSH 87B3E713FBC5AC96EC114EB10AD18BE80D26BC256D025F13725FB7AD29379C21FE0665
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: PAYMENTGATEWAY.bestwebsitemakers.com
Sending IP: 209.105.248.195
From: Myeong Lee <info@globalapprobation.com>
Subject: Fw: Shipment Documents
Attachment: Shipping advice.zip (contains "Shipping advice.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1tn3SXqo_Uv9oCEpS_8-620Asy_4IOgVJ

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5624/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 05:35:18 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
04d875e96b175c1b48bc73d256c4b5f473c189c4cde85be92cecab2e74e7dd2f
GuLoader
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
2c1642f94762a15404bbc286403d839f6ceba0659179aa227232af98d2b49d6d
GuLoader
2e4e588077024fa1b6e3a621faef00f099fdf962d850adc1895cd0d878a1e8d7
GuLoader
4447dee4424f298d64e15a4ba543090afe27afc9b839cb186ce4ddad3ca6e6b7
GuLoader
7eb32bdb92a9768dfc8f30f22365aaac0d57931a77bffd71eb928f72dcdeab1e
GuLoader
ae6a500ab45e86279c34a92c49d12f73716f0a492075180cdad48a761bf38b49
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
eec46d65be09a86f25c891d462671a7a0b3140ee4a8a6ac0a9fa7e1c56a8cb40
GuLoader
ff670f0f84aef661b70217d00c15c0f0208c8ad2af072988c09941970b3b4081
GuLoader
+ 427 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-5dethk6zfj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 12f5947a9ae0f226c8bb4c01eb3e21388c6e84d17c0cfb9403e98276b20a836d

GuLoader

Executable exe 05a9144ade44bd10b23259cbf3df3f0faf127b1ecd5aeb73cf82c4d87cccb402

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368649/
  
Dropped by
MD5 8a0516e5973c64ddbe90d5781caec4fc
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 12f5947a9ae0f226c8bb4c01eb3e21388c6e84d17c0cfb9403e98276b20a836d
Cape
Cape
https://www.capesandbox.com/analysis/5624/

Comments