MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2090ef501bf30eff58e65ff4491b5a913e5e105ff952b6d26b3e5ccf9e251cc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2090ef501bf30eff58e65ff4491b5a913e5e105ff952b6d26b3e5ccf9e251cc9
SHA3-384 hash: 725ba167145b24c69399d7002c17c3afde079fa8241fec42fd74f57f85d2ca85f5c2337f81871f6f1e615b2775edf8ed
SHA1 hash: ac2de01753ac3d0eaafc7e05eddbc0db7cf6ae21
MD5 hash: 19441c079bebced94897c9dcd3567d99
humanhash: black-mirror-timing-oscar
File name:file.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-22 09:49:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0dc990cfa181d27f4e5295fa5b773658 (1 x GuLoader)
ssdeep 768:fQweoPOoz1XMLqiI78nr+YSaf5qjpCLg2UFT1dsRtfZEoo8mh:oweA19is8r+hs5epag2wOCoyh
Threatray 5'186 similar samples on MalwareBazaar
TLSH 89932A017664DCA6DA4049F2CE274BD40EABAD706E014F0B34C9BE1C2A33D877D2C69B
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm35.hanmail.net
Sending IP: 203.133.180.223
From: UTITECH <juha78@hanmail.net>
Subject: 유티아이테크-발주서 송부의건
Attachment: file.lzh (contains "file.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=809F316B561D99CA&resid=809F316B561D99CA%21156&authkey=AAcCJtFdwbo1Azc

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 04:36:38 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
GuLoader
5e5f96a9f14f11b988f85983cc48ec667fdedb8a1f4f4c2e040e76afc5e9c390
GuLoader
70b9253ccf607853e5722d22bfdfcb22ba55ee3cf921d9368c8115ef91cfb941
GuLoader
7d59dfed8b95da94664078ba62cc2b0eb6d1a346b6d4d480aef47800680c74a5
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
d994985a0e58672d0274aa6d90e7c420858e61ba9a42f1d8650a793de687714a
GuLoader
eada1679af7a95d25610ffc78ad2d33978f71ca837ff809ff5331a9b1f77541b
GuLoader
eb3e94888d5e945faf0b570acc1b2a4652f1b92940e8ac1cd62ff756d39aa1a0
GuLoader
ed124dc85fd2b5c4697bd0f7c90c134c539925bcb63d10f6cd0f99522c73fbda
GuLoader
+ 5'176 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mht146kvgx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 08f59cb5340816b5afedf0d408257ca81d4188622eb7876756bc731ff1652231

GuLoader

Executable exe 2090ef501bf30eff58e65ff4491b5a913e5e105ff952b6d26b3e5ccf9e251cc9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366513/
  
Dropped by
MD5 e352f57a7bd8b1378c7a6caed435e341
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 08f59cb5340816b5afedf0d408257ca81d4188622eb7876756bc731ff1652231

Comments