MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07a9d94f0bcc45ac835d85d49807b711521442d887256bcd7664e95fa8898c21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 07a9d94f0bcc45ac835d85d49807b711521442d887256bcd7664e95fa8898c21
SHA3-384 hash: 9b3e18a8ffad988aeebf18f921af2448f3069292e5d291ba9b0bb8675b941ae58d6ccb10824c5ddbcd3fa9b94da17681
SHA1 hash: f3e4dc5ae7b8634958771562741a2d0345e92e8e
MD5 hash: d4bad14dfdb19db25b5fc5f63f0b44dc
humanhash: black-queen-table-cola
File name:JWPO20200527.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 16:44:53 UTC
Last seen:2020-05-27 17:49:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 59652dd85137b247145631172e5600d5 (1 x GuLoader)
ssdeep 768:HG5Vmsl7kD9ryAV/tcdd8pkkomYiji5h2iSPvrwlUVCuUsHkAQqRS1ahJZz4p9rS:4VYJ3FegomYim5haPjwLu9KqRSEV4p8
Threatray 134 similar samples on MalwareBazaar
TLSH 77B31C17BAE04C76DC358FB10C7199B42E36BD393E584F07B54DBB4E19326CA299231A
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm43.hanmail.net
Sending IP: 203.133.180.231
From: UTITECH <1919park@hanmail.net>
Subject: 유티아이테크-발주서 송부의건
Attachment: file.img (contains "JWPO20200527.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1BD3JFmqDvvXu4fKlX6jHdJRIIu5kQkGc

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5723/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.50065.30397.8904.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 03:45:54 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
18e748742879005f647c8928a776023d2a11aa865f34b6ee75adfa5a2abfebfe
GuLoader
3f494d2d90c284f08aedea05b57a4eff483d51efe3a7b5cf9ad26c13f2d7e546
GuLoader
6c759b96dca08330cce6b7787e69b286d3b1a22a618f81409fd674ef720eb6dd
GuLoader
705359998910a71e56cde4f359ad4ae767d0182b45f46615ebcbaa969fe5c5c5
GuLoader
82621455e0c9ed9c46f6947beeaf2c5a6962a035eea50b337fad6368b5a6485b
GuLoader
85e0ff2f0c03b8d8ce1d32b446dcef0e32b79fa581a9c27dcf4d0bb92c6b167f
GuLoader
9767731cae5b82c792fc165a9f024425866ca4fbde32b2dd4e9ac6fe12bc3548
GuLoader
9bc42c118c6cc7a45c18fc844e0e132c28cfe4f90380f8a6e1305a798b3d15fb
GuLoader
afa6acb992c2a3a3ee436a4627f8f5e0feed8e6a77dfa4ed6715069f12aef650
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
+ 124 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-n2msc8264j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 47193bfcb0e240813cbc99729de19a62dd2c75d5eeaa4ae956ec992b0501300c

GuLoader

Executable exe 07a9d94f0bcc45ac835d85d49807b711521442d887256bcd7664e95fa8898c21

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369907/
  
Dropped by
MD5 ba330d1d74e9c90c3cb9c0e35c4c094a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 47193bfcb0e240813cbc99729de19a62dd2c75d5eeaa4ae956ec992b0501300c
Cape
Cape
https://www.capesandbox.com/analysis/5723/

Comments