MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ae738edd2fc130800042a864210df0111d64cd29953198c644035e9d2679acf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0ae738edd2fc130800042a864210df0111d64cd29953198c644035e9d2679acf
SHA3-384 hash: 7169f3d4a985e876c2796f6f91aabcdf5dd39812baa2844948828c5aae707b079f005680ce2327d854edc9d1bcc3ad03
SHA1 hash: 2a65bafe1f3cf8191b3c8db1338b6f1fad9f5bd2
MD5 hash: 304cf8912d45b06660a1e57adccd4704
humanhash: august-ceiling-apart-blue
File name:ORIJIN.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:143'360 bytes
First seen:2020-05-27 18:25:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash cba93fdb8dd665b5e81e8abb31080172 (1 x GuLoader)
ssdeep 1536:dPk6XLf1qcW/nIsusjjVLVkm+PMUPHEf90k8k:dk6T+2sjhp0PbPkfN
Threatray 141 similar samples on MalwareBazaar
TLSH BEE374137ED5BC3DD58A39F16C99699A2A062C10BF00176F21D5FBBD32328E26C51B1B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: "EXPORT22" <baliresin@ivyatlasltd.com>
Subject: Purchase Orders No. L 2957/2020 & QPO53804R 3006/2020
Attachment: QPO53804R.RAR (contains "ORIJIN.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1mC2us57K54ntwNaFqQa_XUZ5-jWYwNFe

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5769/
Detection(s):
SecuriteInfo.com.Heur.PonyStealer.im0@FGd1J9ji.7846.19234.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 18:37:09 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
11da12022c4b4fdd9947dce6ccf0cde30cc34a1816f4a4791ce0f298133749ef
GuLoader
437c65b9b088d283a4f8de7395eb28a90b69462c81de7d287ff0f55ea85da219
GuLoader
4675be33b1b3f4b1a348a86088a709b907841e6a6daaa37793c0ed994d40f5ae
GuLoader
7c808fef514fbb79de397a7c84bd1a2763b3b476c821d7c6f7d05b64501c900f
GuLoader
8630725356bc4afad2815f39d01238d6e10477e04d19b5fcedcafc93c7519683
GuLoader
a7cfec855ead8a33902aab33c3c217fbc6fe9fb372c4c8d0c1aec4b493736bf5
GuLoader
ae7bde3f10afd88b0682c566951715a9d12b6ddee53f4713c1f4a3f6a7391244
GuLoader
d022613003b09d53a5004b7180d6d5bcfad0a1b1efefd3d7e6f69ca63204f483
GuLoader
d19cf303057d3c356982205081cf799fb3c1bd5b2e5fa4d471540dcc792d96f6
GuLoader
eedbb575580c9efc8e2a065c6713d388094d08b54d7d4e383ff7ee9446646241
GuLoader
+ 131 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-twd74vpvk6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar f57c1ed45089932ceb68dea824ddbd0c4f9f892f661038fc58e5892aef701a97

GuLoader

Executable exe 0ae738edd2fc130800042a864210df0111d64cd29953198c644035e9d2679acf

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370061/
  
Dropped by
MD5 54df8b995184afc290183f31a9d70d3b
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f57c1ed45089932ceb68dea824ddbd0c4f9f892f661038fc58e5892aef701a97
Cape
Cape
https://www.capesandbox.com/analysis/5769/

Comments