MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11124347d4a19a4f709bb4ebb2f9c12873f4f079ef3d5e60e18fa9a975302c70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 11124347d4a19a4f709bb4ebb2f9c12873f4f079ef3d5e60e18fa9a975302c70
SHA3-384 hash: e27b3270d7bc7471c52816ccfafcb3e19e51bbf3179a2b5f8c37c0fb1915e3ddaed83bd48ce668497fa1403a8d20e6b4
SHA1 hash: 3d32c8d7003c6932f40317e19e036b85503db88d
MD5 hash: d61c3c17e510141c254cffd230a1aaa7
humanhash: oregon-black-twelve-lemon
File name:PLanilla de Facturacion Mensual 2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-05-22 15:05:41 UTC
Last seen:2020-05-22 15:48:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0be4e99232f40ee184a4a0e4a93bd8da (1 x GuLoader)
ssdeep 768:YjRvzdw1Fcgqs3ahc1+6eiMZ2Pwcb1Vgcs67G3ImopJa+942erBTLE0W/mqLqY:KRvJmaa1+AMZGwkgcPvprGN40A
Threatray 5'083 similar samples on MalwareBazaar
TLSH 32930936B9A0D876CA300FF15D31865815ABFDB45A600B4B38D93B1D3AB394E9C3536B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.214
From: Roger Salsavilca <rsalsavilca@pacifico.com.pe>
Subject: PLANILLA DE FACTURACION HASTA ABRIL 2020
Attachment: PLanilla de Facturacion Mensual 2020.img (contains "PLanilla de Facturacion Mensual 2020.exe")

GuLoader payload URL:
http://kuroilersuganda.com/indaboski_YhPLYlC132.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 15:35:45 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
GuLoader
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
18e748742879005f647c8928a776023d2a11aa865f34b6ee75adfa5a2abfebfe
GuLoader
a0d38e74310877d9ee7a4d0e75e25272adb25199527d19bc08c0f1ebb21f9ce6
GuLoader
a57304043cdf4e54783b99ba437e2dedc5bded49da0878e17c459ba37e41bb55
GuLoader
a85f53a7ad2f536d245e47535007f2bceacfa10f08d7f3f6568781dd1794caa0
GuLoader
a91c5af7a94238bb1556b641b9f5bc7798133b3d699a9f3d5b88b8f8fc12f091
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
d159f3626adf62282b20470b72d2d93408da1cc30bdc4df23030fe77e2c992f8
GuLoader
e825c5b9c196015372cc2153f670cdfec42827fe20aff62c5d493b67fd9c92f1
GuLoader
+ 5'073 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-1v6yb83phj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 8f523607fbb86164f0d88a71a33fac4489f8c99d94170f2ce4de75ada1677ae4

GuLoader

Executable exe 11124347d4a19a4f709bb4ebb2f9c12873f4f079ef3d5e60e18fa9a975302c70

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366781/
  
Dropped by
MD5 dc00ec6b9cac54c951c385021191edea
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 8f523607fbb86164f0d88a71a33fac4489f8c99d94170f2ce4de75ada1677ae4

Comments