MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26578480a0124210e78362e63cb2fb0d2998a47e6b1d8f43cbe787caba1ac5b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 26578480a0124210e78362e63cb2fb0d2998a47e6b1d8f43cbe787caba1ac5b6
SHA3-384 hash: 6625302ab9e86616d3f92f14156a7e7d7b0bf1ed89fae89c9e0fe2723d1419bd198dcc680314a620a6000bfb5b034dcc
SHA1 hash: 9983816486b90b0125c6900c796ac4585433ad1e
MD5 hash: 2ff0b8796d1062295178e9cc146f7e47
humanhash: muppet-neptune-speaker-potato
File name:PROJECT MATERIALS, MACHINES AND EQUIPMENTS.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-05-21 08:39:50 UTC
Last seen:2020-05-21 09:51:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash cb9fa9df24edfc9090c2f68b0c51aedc (1 x GuLoader)
ssdeep 768:xyKgBODfifkZFO8U4Q0Q0OB9vJLXLV4I3xGyjx4pUU6PVbHfEmuNH2Q:xyFUb1F5UZvR/GI7cmK1
Threatray 6'121 similar samples on MalwareBazaar
TLSH 04933B73F9746EB8DA6447F2AD3283104523ADF105B60B0B95C97A0D2E77B8B7920717
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm80.hanmail.net
Sending IP: 211.231.106.155
From: SARAH KWON <jwtotal7447@daum.net>
Subject: [MFC. PROJECT] 5202020[MATERIALS, MACHINES AND EQUIPMENT]ASCON CO.,LTD
Attachment: PROJECT MATERIALS, MACHINES AND EQUIPMENTS.img (contains "PROJECT MATERIALS, MACHINES AND EQUIPMENTS.exe")

GuLoader payload URL:
http://ukaimc.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_ntkZMpLO186.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47915.17842.22064.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 02:56:52 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ezlyjafacjbbbz4dmltdzmx3buuzrjd6nmoy6q6l46d4voq2yw3a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08fd08ac92e87f077dfa77ab5cbe48dccb7ffc87cd338a6451b884d42fa6306b
GuLoader
0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d
GuLoader
1621dac1140afd3e3eed4b0f4ab0a93e81cd56c76e7532a0cc03d0b5a8dae04d
GuLoader
474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f
GuLoader
4e0e1ee117544cc9cb6784d36db3d349624ef1c888267b1e266a03ddb17d33a1
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
6f827b68129d30609057c2e6b36be05649fce91d6bc8ee3d3566ca5c6aba562b
GuLoader
77168234eb706333e4835666a00a8fd8e110959660c97e5c5528ed3a3d0f5081
GuLoader
c2fad0ca69171eabf05cff3020af18e45b34558b660e5197bdb4c0c072c9cdde
GuLoader
e6bdca558fb485e6ac7295d20f868902f2b790bc147fb3ab1e3a6628280d40f3
GuLoader
+ 6'111 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-kct3ahz8kx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 6bd5e7443c888f2059c81b735be3da1a516d6142b22ca3b586c38b50c4b74879

GuLoader

Executable exe 26578480a0124210e78362e63cb2fb0d2998a47e6b1d8f43cbe787caba1ac5b6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365778/
  
Dropped by
MD5 dfcc57a4a0672cd610a7276d9047ea77
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 6bd5e7443c888f2059c81b735be3da1a516d6142b22ca3b586c38b50c4b74879

Comments