MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e3d83f664a5147b54de0323cf7319099cf4e214a074ba76c3cdc566f475eee3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e3d83f664a5147b54de0323cf7319099cf4e214a074ba76c3cdc566f475eee3
SHA3-384 hash: a19793021f538879ced04fc8a88dad0af6fc34254f1756fd3c43e0868ca5fe2c8533139b24225a71983445d3182343e2
SHA1 hash: 4730da3951bf8d4967873e171da2989fe1adc94d
MD5 hash: 5c5d66f2daef696903690cf6c9d9f01a
humanhash: uranus-apart-massachusetts-carolina
File name:file.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 07:31:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 62f3d0fe09e6d852437f8944dd59e6cb (1 x GuLoader)
ssdeep 1536:K/8xsxf5ypmbOW7IIfFsGH+CwAeBThPrux36:K/t/0Ws5CwAeBP
Threatray 308 similar samples on MalwareBazaar
TLSH DFB3071376DCAC82ED011EB88FD09EA41DA6FC756D600B0BB04FB75EA9B71911FA4706
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm81.hanmail.net
Sending IP: 211.231.106.156
From: UTITECH <hhsm1015@daum.net>
Subject: 유티아이테크-발주서 송부의건
Attachment: file.lzh (contains "file.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=809F316B561D99CA&resid=809F316B561D99CA%21156&authkey=AAcCJtFdwbo1Azc

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5622/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 14:14:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
28de8f6722499072f48c519ac1b2f318f56f1a800fb3db515d0700d5f4b1db50
GuLoader
2b6160a9720ed2cf3b818dafc81e4f092111d4df2e0db161b994b39a5ceb78f3
GuLoader
2df7880f7255e5944ae288c0bf24817085bb1a8291257d061f09919746095286
GuLoader
434ea880ad59cffded73a776f3a01a75e6afef21fc6dca45b364fd3f0ba54de3
GuLoader
6fd66c1d011fe7b8658211ad8990d9b06d23722a50c407675112ffb879043fa5
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
ebd6a36a1a04c51f11cf2bdddb5618da42e2839c1507e34e604627ae214c8e58
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 298 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-n9sn3s4dla/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar ae4221eb51699a4cf17f425e8ade77c5cf2bb0c1b283cd4f51421acf462a4294

GuLoader

Executable exe 0e3d83f664a5147b54de0323cf7319099cf4e214a074ba76c3cdc566f475eee3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366513/
  
Dropped by
MD5 74386b484918b0adf465932f68772c31
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ae4221eb51699a4cf17f425e8ade77c5cf2bb0c1b283cd4f51421acf462a4294
Cape
Cape
https://www.capesandbox.com/analysis/5622/

Comments