MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25e1551ce3ed0f99ef77a16166273dacfbe6d0a37c9998a2f6c68639d21fc35e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25e1551ce3ed0f99ef77a16166273dacfbe6d0a37c9998a2f6c68639d21fc35e
SHA3-384 hash: e840ee29c3e3d1271a897f98c21e44c90e1511cbd0c9ffdf624612a917e408f8cc9f9d241a2b3c7364fc55f1f5748e53
SHA1 hash: 465e80a994954da22a82c1a512c6e1fa74d85947
MD5 hash: e78af03b2d5d408c1d7bd0edaf3286e0
humanhash: beryllium-mexico-pluto-three
File name:list.dwg.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:29:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0022c3edd1d1eaeae33a5878ee99acde (1 x GuLoader)
ssdeep 1536:kyEdXsdlk45LunTMe6HYVpDdzHnKwqD9EyEWrXO2dQTPhbd:CmpaTVpsD9jm
Threatray 160 similar samples on MalwareBazaar
TLSH 98146B32B766DCA6DF450874D9D2C4F81424FC25C8064E5B72C07F2E75BA4D3A9A2B3A
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm45.hanmail.net
Sending IP: 203.133.180.233
From: 로이 유 <chabeopsu@hanmail.net>
Subject: 견적요청의 件:HYUNDAI MASS QUARANTREAT PROJECT
Attachment: HYUNDAI MASS QUARANTREAT PROJECT.dwg.img (contains "list.dwg.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=13P4tVpb0H0AY1JZPdC6ACdo1b0Hl9H7N

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5817/
Detection(s):
Win.Dropper.Noon-7585277-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 07:37:27 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
190d8b4baeee83f2a23ce8ed96cc57ce538bbbbed88e69bdfe131ba7438bf3cc
GuLoader
1ea235444a0510aeabcc31b2092268c3d0d12d82130ad2cb4b9024246e54186b
GuLoader
286447febcdd772fe14fb74b1768dc381ae5a1e4f8c7260de3db5991ce88f807
GuLoader
42895dc552049d3cfd80ced83d8e2fbfc30adc3799e3748aa5f9e7df32373a58
GuLoader
6c47beb6dad9fa342b607b9868de8560ede70fc5cf2819c0269c5d6fd6c961bf
GuLoader
9f7bac168d783095c28bfe48f9ff40079fde45084dbe9aac78eefa54c4cf15ff
GuLoader
b0240d2ab275a142c3ba13632ebb00fd6cba189613ca85e4d800eb640ef0cd9f
GuLoader
ca805dc52512f1850422982cdd82ef272030398c365653dc52576e45cbb229a4
GuLoader
e97244bc82d914b843dadf51702073bb1746d2e9d67f66e5c5aeef31f549a3c9
GuLoader
f5f2578101553a0f24cbeb4f1691d37232f62d4e5986886116e2939272555844
GuLoader
+ 150 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-h5bm7bceyj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 732ee2e82d05b8d6eca81f98f8249f399686fd4c849cafea4028d558e1a0bbb9

GuLoader

Executable exe 25e1551ce3ed0f99ef77a16166273dacfbe6d0a37c9998a2f6c68639d21fc35e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370283/
  
Dropped by
MD5 687872f55a295856baaa3e285f706986
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 732ee2e82d05b8d6eca81f98f8249f399686fd4c849cafea4028d558e1a0bbb9
Cape
Cape
https://www.capesandbox.com/analysis/5817/

Comments