MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e27314c6b097bdd158c3438bc48704f681a20d723fc2185bf431e67f8b56e9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1e27314c6b097bdd158c3438bc48704f681a20d723fc2185bf431e67f8b56e9f
SHA3-384 hash: ed63b8027ab027e4e22a841f10e92e694c611fb6bc386f3eb2ac203b270a888cd94c8152f8f2666d873ca5480f846451
SHA1 hash: 49cf36a96b7410a60296854fb01eb55933ba1ccd
MD5 hash: 7bedf598397d48e1236c6dbfd2fccdfe
humanhash: magnesium-hot-zebra-echo
File name:Duttedesdelspecifikati.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:196'608 bytes
First seen:2020-05-28 04:55:05 UTC
Last seen:2020-05-28 06:12:32 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4e152fbfc1d8c12b120b9b3006780fb5 (1 x GuLoader)
ssdeep 3072:1FMNPdvkx2CnZ3CE0VcM767NOZ2Q9NyGYR:1+NPBO2CZ3CEscM7UOZRN
Threatray 445 similar samples on MalwareBazaar
TLSH 4B144B2677A7DCA3D90509F8D5D0C4F81411BC10D8168A6B77C07F2F75BA182AAB6773
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5784/
Detection(s):
SecuriteInfo.com.Artemis7BEDF598397D.28648.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 02:16:10 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
5fc42d8d65da12afe624f5b959b3318a808fe18640d497fa5ed7530748e7935a
GuLoader
6a6153c0ed8295d63f23fae313939e61eb3f94cd61f7a34a22a6557318f032f1
GuLoader
85d879be258470ed22d55bb6fda8be5d0b7d480c23d95b252516e85ccad2fec4
GuLoader
9d8dfe823511ffc0ad4556618f8a1b99fd533a06f0323788c7d093efd9446099
GuLoader
aeb1bfcef382789091e72e2d6cae6e471123d0e8e7a5f39c64abf5a3d9a4eaa8
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
bd508cadaa46bd60da4540413b6ff4d2d351a7804614ed65fbe1fb211a947d38
GuLoader
c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3
GuLoader
da0c0089713cfd5b47f425f23c23f9a9d82e62000873747dce1a73220319f93e
GuLoader
df255af635a2dde04c031db95862f11e1bf44fe5cfc10d3b20bd4678ed818567
GuLoader
+ 435 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-nw4nqsdp4x/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 0efd3c1c0309a39621043d4a50972c19f00b7bb6290175c3ce78330096a37606

GuLoader

Executable exe 1e27314c6b097bdd158c3438bc48704f681a20d723fc2185bf431e67f8b56e9f

(this sample)

  
Dropped by
MD5 b312718c09d2c2d5e5eb12b867429165
  
Dropped by
SHA256 0efd3c1c0309a39621043d4a50972c19f00b7bb6290175c3ce78330096a37606
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5784/

Comments