MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b4b6620233a82eab9ece44f5b3d5aa273b193beb62faea4774467e02d1dbe61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b4b6620233a82eab9ece44f5b3d5aa273b193beb62faea4774467e02d1dbe61
SHA3-384 hash: 8510e5a1b1c9e63085713d3a210fc2f98a9c21c1da89bbc546e7c4dda7c1bfa3fcf3138a8b53a96d727c2b0517456057
SHA1 hash: eb7e644cf68f90f39a11ae42879ea18248ef5315
MD5 hash: 25b69fdbacf01760773884f1745c14ae
humanhash: island-hydrogen-london-hawaii
File name:PO001122.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:33:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 49c9234185b87954cb80560aa8b05856 (1 x GuLoader)
ssdeep 1536:VsA6d8Ob/dR/UOgVy5diONXXXPCTM4XbLpQfMNLiFpO1jzRyBP8apgQf9DnbkYVP:Z6d8OD7/MlOpXXkNLiDwjzI2ap3/F
Threatray 258 similar samples on MalwareBazaar
TLSH 6B144932B62ADCE2DA4508B0DDD2D5F40922FC15C9178A2377C07F3E77791A3A926627
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: vxsys-smtpclusterma-05.srv.cat
Sending IP: 46.16.61.66
From: info@continentaldd.com
Subject: FW: Shipping documents // CI # 2024000018 // PO # 001122
Attachment: PO001122.zip (contains "PO001122.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1YSoNLyxFzzXQ-EJ9H9Wy4slJA-x0tuLs

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5832/
Detection(s):
SecuriteInfo.com.Artemis25B69FDBACF0.2895.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 02:52:43 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15d5be42969f8c721f755e17bacdce7a02d12838134d441b1a99bcdee928bd85
GuLoader
1e27314c6b097bdd158c3438bc48704f681a20d723fc2185bf431e67f8b56e9f
GuLoader
6a6153c0ed8295d63f23fae313939e61eb3f94cd61f7a34a22a6557318f032f1
GuLoader
7556ace3bd8a035ca289145f068029f6137fe41f935b32fd1d0b046d1f2e05ab
GuLoader
7e93dde14915a790ba530c8df9aafdca662a2372210036abeeee86b9b7cb5c4f
GuLoader
9099578cd8445c3215cc256f40bd04b4b83aaa3a0c3e9164441d114b3af802bc
GuLoader
9f7bac168d783095c28bfe48f9ff40079fde45084dbe9aac78eefa54c4cf15ff
GuLoader
a58514d885d493ebb627f107f0a3ded181311e153038fdc1626323bbea512f47
GuLoader
ebd6a36a1a04c51f11cf2bdddb5618da42e2839c1507e34e604627ae214c8e58
GuLoader
f5e259dd4c72111e39df8ac18a4e3307e95e701a552d1c96faa648bc094ae468
GuLoader
+ 248 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-rg8d8arv12/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip e80f5738563b9b3e550e88501af16fc15692d9f3799dd31e07446a892e19ae9f

GuLoader

Executable exe 1b4b6620233a82eab9ece44f5b3d5aa273b193beb62faea4774467e02d1dbe61

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370299/
  
Dropped by
MD5 f06efa3a49b9b47b120675eea8607f0b
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 e80f5738563b9b3e550e88501af16fc15692d9f3799dd31e07446a892e19ae9f
Cape
Cape
https://www.capesandbox.com/analysis/5832/

Comments