MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15d5be42969f8c721f755e17bacdce7a02d12838134d441b1a99bcdee928bd85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15d5be42969f8c721f755e17bacdce7a02d12838134d441b1a99bcdee928bd85
SHA3-384 hash: 487090f337531ecf96be22a68d47fa21c617e1210cf36f99d76328189206168592251daa18408c59c4ab0f5c1840a389
SHA1 hash: 7c8ba368783ed0946510e5d3138bf198aa6c9ebe
MD5 hash: 2ea0df569e27a658070c8f74871e150e
humanhash: snake-timing-seven-blue
File name:Scan Docs_pdf.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:32:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3a6d366061d27e64bc452729b6eb336d (1 x GuLoader)
ssdeep 1536:mSEL8ucShAVMSY5A61Qraug7qd9TXV4u2U3zR7zuN3J99cvdjCdzPgJEurjXMJhX:tEL8ucWp9nMX1zBzuZ9q0g7A
Threatray 220 similar samples on MalwareBazaar
TLSH 6C144B33FAAADDA6D60444B8ECD1D4F40412EC25E917891B76C0BF1F36B9183A96173B
Reporter abuse_ch
Tags:GuLoader scr


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: hosting.comfrel.org
Sending IP: 162.241.208.147
From: ROKONMA (S) PTE <azlina@rokonma.com.my>
Subject: Please send me price list.
Attachment: Scan Docs_pdf.ace (contains "Scan Docs_pdf.scr")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1SA4he85xIRkjUfb3FHCV-SwZ8OCkIZMu

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5827/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.50213.23824.29900.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 01:06:53 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1b4b6620233a82eab9ece44f5b3d5aa273b193beb62faea4774467e02d1dbe61
GuLoader
1e27314c6b097bdd158c3438bc48704f681a20d723fc2185bf431e67f8b56e9f
GuLoader
41b0a4eba05ad382e109d412680e4a5a636cbc7dc6928c5de923d689f070ece4
GuLoader
4408001ae2b6c11aa2c25f77fea7d8c2118d7eac3f8409246be40b7549b408d0
GuLoader
7e93dde14915a790ba530c8df9aafdca662a2372210036abeeee86b9b7cb5c4f
GuLoader
8f5fd43179a5ab283f7cab4fb285592a73348d2428a7034a1521fb12a1ead625
GuLoader
9099578cd8445c3215cc256f40bd04b4b83aaa3a0c3e9164441d114b3af802bc
GuLoader
9611507e92379601368f95c9f9fbc933ba13114fee020ea12d19e6a43486bf6c
GuLoader
9f7bac168d783095c28bfe48f9ff40079fde45084dbe9aac78eefa54c4cf15ff
GuLoader
b5382684cba90f427975d7be5c938b3216b38f0f00e617f36c71535e4deb8059
GuLoader
+ 210 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-1t6zrc6pha/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace ef46452e79ed6ba4e72fdffad80d6733084a2fb984f35ce2df89356734d4a036

GuLoader

Executable exe 15d5be42969f8c721f755e17bacdce7a02d12838134d441b1a99bcdee928bd85

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370284/
  
Dropped by
MD5 cea2989f375f0aa3ac91062d892c083a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ef46452e79ed6ba4e72fdffad80d6733084a2fb984f35ce2df89356734d4a036
Cape
Cape
https://www.capesandbox.com/analysis/5827/

Comments