MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14c8beb98883ae6bfe985e3f5d7deca650fc2bed76f17da4cf3ce7ae7c2bfced. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 14c8beb98883ae6bfe985e3f5d7deca650fc2bed76f17da4cf3ce7ae7c2bfced
SHA3-384 hash: 20e5e994df29aa3c5ea4b4fa526160a77e12094c1d940e6f742eb634e62bc046ea43c18519a8e2fb5cea6d196fcffa27
SHA1 hash: 8bcb635b7de77f620577a7cf50105f1bff5a8212
MD5 hash: 493a292f92ab94b1d0b83e6b8b7adefc
humanhash: beryllium-july-don-yankee
File name:new PO.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 11:22:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f9f922c4160cb1d94076419cbc96b648 (1 x GuLoader)
ssdeep 1536:DCItXESsscXHkEA6QLZ77OaYZwjEPN3ll:w2O+gPB
Threatray 59 similar samples on MalwareBazaar
TLSH 4FB3C55675C66CB6FC389FF1493186711D32BC262D00DF033C49F78E59BA68E296932A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: da.databaseapi.live
Sending IP: 45.95.171.161
From: Luminita <Luminita@gmail.com>
Subject: Purchase Orders 217443 and 217444
Attachment: new PO.gz (contains "new PO.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=B1239884E2DEB3B9&resid=B1239884E2DEB3B9%21648&authkey=ABuZ3TBAqlkKWHE

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4959/
Detection(s):
Win.Malware.Guloader-7900546-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 11:36:45 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 48 (54.17%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2eafd2db3852f320398ef9bbbab1d291e52e75bba78e3fe21c0fbffe385ba865
GuLoader
4b1798ea1212bd8c50d111f5124660ca4c7288a1c11129aece16c279a11ab3b3
GuLoader
4f0f104299369b56354ff801426027cb3a4e1fa6a0ddfb4b2beba09b0b6a4db8
GuLoader
520529fc3ccecc89fe03add329fc847461f7b11d77673afc8886f8d48bc10b76
GuLoader
56af437f8b3b60b32b7cba77fa159138a777a48e98ce0215e8ec6f97ef12b223
GuLoader
5fbfcfd0538505c1cb82e54b55461e7542a403b676b36a2500734f89b32bf2c8
GuLoader
85d879be258470ed22d55bb6fda8be5d0b7d480c23d95b252516e85ccad2fec4
GuLoader
aa37bcba59760edc9f4242c1e6bb619c04d98c6d4b039fee3aee88bac894c21b
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b228d75e595d01315f96909833ea8c7cb694dda499c54aaf3e261d2c7275cba5
GuLoader
+ 49 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6m6eqbbjwn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 1f973662b7b7eebaa4972fd81f706c28e99ebe58972f8d5d07f7f6630ac54449

GuLoader

Executable exe 14c8beb98883ae6bfe985e3f5d7deca650fc2bed76f17da4cf3ce7ae7c2bfced

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368810/
  
Dropped by
MD5 a18eefa5327bd8615c1e1185b2ae5459
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1f973662b7b7eebaa4972fd81f706c28e99ebe58972f8d5d07f7f6630ac54449
Cape
Cape
https://www.capesandbox.com/analysis/4959/

Comments