MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11da12022c4b4fdd9947dce6ccf0cde30cc34a1816f4a4791ce0f298133749ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 11da12022c4b4fdd9947dce6ccf0cde30cc34a1816f4a4791ce0f298133749ef
SHA3-384 hash: c894cc041a5349a895e0c1d755043b7bafe387036ce1e6976c42cc5bf7be4bda473c08672217d9393bf387706dbf686a
SHA1 hash: d04ebdfc52647900527a213773a8be67a3a33022
MD5 hash: ea58e8de5490a06a82e9ff94e872e4f2
humanhash: cup-winner-ohio-berlin
File name:HT_20200525.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 07:37:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d7e3ec1db94cbc0981c6407e99e8d54c (1 x GuLoader)
ssdeep 1536:bG1NEXe7yOqwgZymJlBb5o7WURwHn8H5k2q15:y1NEuXOZyk52dRwH8lS
Threatray 871 similar samples on MalwareBazaar
TLSH 4FB3F906B6C89C61DE050EF05CE29EA65E27FE252C412F07B60AF79E66375845FE031E
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm49.hanmail.net
Sending IP: 203.133.180.237
From: 이한석 <esnct@hanmail.net>
Subject: 긴급 견적의뢰
Attachment: HT_20200525.IMG (contains "HT_20200525.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1uF_4zr5Qc5RfxwI1qstwUifJIVF1XvAV

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5633/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 12:02:11 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0ec3c68f6fa845bcc40ea35365aa204f7e8bdf8010ea20dec2e3ea3f46838e02
GuLoader
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
GuLoader
3667b7518f2634bfd589f12fe1fd6e7ec1701030529dd3ece0b04705e76e5e06
GuLoader
610ab1c6d1d8f59195b85cc6bfb496adb9e6ce8d2f4e6764b84eae8bb5ae2cc9
GuLoader
8630725356bc4afad2815f39d01238d6e10477e04d19b5fcedcafc93c7519683
GuLoader
8fc12c74c5af599fd99d302b2429d8c8a5d3a5d243d7941758fda223ee3cb7eb
GuLoader
a32c37dd601a6fcdd6e622b2c928c7ef7935a77a0df9a2dfb9c7774630dd266e
GuLoader
bbb38a432f7eff2a12b72c3ed853e937fbf5d7b9bd23b9f8ab61beb6bd594c10
GuLoader
c688c6b0f5bd44c8d37e810000892ce8d0e2225f1dd04a92d454fd60c7cdc779
GuLoader
ccfc389f6dd3e6d9974b6cd4bb2a2efa5eb060f48e784aabd21a723cb58ff063
GuLoader
+ 861 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-grqdkwewex/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 4b411e2f0cb2972f8f921d53a04d01b06aa8a68b51202d60484027433b5d223c

GuLoader

Executable exe 11da12022c4b4fdd9947dce6ccf0cde30cc34a1816f4a4791ce0f298133749ef

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368638/
  
Dropped by
MD5 e534a09c43054cac6ab0af74750107be
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 4b411e2f0cb2972f8f921d53a04d01b06aa8a68b51202d60484027433b5d223c
Cape
Cape
https://www.capesandbox.com/analysis/5633/

Comments