MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2eea12d417bbdbd859dc38307e5dfa3e90720865c81bc8ff99af0916d65e1a03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2eea12d417bbdbd859dc38307e5dfa3e90720865c81bc8ff99af0916d65e1a03
SHA3-384 hash: 21b408a4aff0c2ffef101ea59c369342837e142f495e360f850ae221ac79c7e39923f7ed4411bb87a87b2dc2396baa9b
SHA1 hash: 1a741c6641b5dae537418e6af11949f32dafe0df
MD5 hash: f315e618be659eb287be79a646bf1c45
humanhash: pasta-jig-johnny-red
File name:GM20200528.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:35:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 99b243349168bd9eed5b1d50060e809a (1 x GuLoader)
ssdeep 1536:CCJMWW4JxidAuK51+SQNdO9Z/p6Fy15fnLOZabItaMCCcdEbgB3xUCWBz8voJaG:HJMWW4nEAuK7fQNdO9hp6F6duCCnclM
Threatray 245 similar samples on MalwareBazaar
TLSH BB144C36BB5ACC72DA414CB0ECD2D4F81561BC11D8078A6B76C07F2F767A093BD66226
Reporter abuse_ch
Tags:exe GuLoader Outlook


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: EUR05-DB8-obe.outbound.protection.outlook.com
Sending IP: 40.92.89.93
From: Eric Quispe Ruiz <denis_quispe2@hotmail.com>
Subject: =?ks_c_5601-1987?B?seSx3sGmwNvAx7fa?=
Attachment: PO.IMG (contains "GM20200528.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1tq6uQ6hcpE5i_pS9c1DqTAJvs69X_1tI

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5839/
Detection(s):
Win.Dropper.Noon-7585277-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 08:33:42 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 48 (52.08%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0b1dbd3162f501371ca4d99f39e0ad1631ab1d9698bf19bdd45163319fc0310b
GuLoader
160684d9f79b0e33093a76315cbe47afd4d0f27f5dadd1b6fa314d8ff8a64370
GuLoader
1e27314c6b097bdd158c3438bc48704f681a20d723fc2185bf431e67f8b56e9f
GuLoader
2df7880f7255e5944ae288c0bf24817085bb1a8291257d061f09919746095286
GuLoader
6a6153c0ed8295d63f23fae313939e61eb3f94cd61f7a34a22a6557318f032f1
GuLoader
742fa567f6c1b57e2d73442cd06817027e09ac33b4cbdbafef0cd462e9bf6343
GuLoader
8f5fd43179a5ab283f7cab4fb285592a73348d2428a7034a1521fb12a1ead625
GuLoader
9611507e92379601368f95c9f9fbc933ba13114fee020ea12d19e6a43486bf6c
GuLoader
ebd6a36a1a04c51f11cf2bdddb5618da42e2839c1507e34e604627ae214c8e58
GuLoader
f5e259dd4c72111e39df8ac18a4e3307e95e701a552d1c96faa648bc094ae468
GuLoader
+ 235 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-xscfjzgqva/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 8b69ab443253fa64871a80948b2828e1ec761393d3f754df6e02712636444c3a

GuLoader

Executable exe 2eea12d417bbdbd859dc38307e5dfa3e90720865c81bc8ff99af0916d65e1a03

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370306/
  
Dropped by
MD5 e5590a6e44bfefc673a48d939519ab16
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 8b69ab443253fa64871a80948b2828e1ec761393d3f754df6e02712636444c3a
Cape
Cape
https://www.capesandbox.com/analysis/5839/

Comments