MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f0607e123ec42fad4de746e00964b252574247289a31ec96e9c63e93ac683e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2f0607e123ec42fad4de746e00964b252574247289a31ec96e9c63e93ac683e7
SHA3-384 hash: 31997f9d3383a14f35f3f19aa7b92ae04cf9394faf930a15f308a3432f8403442504b705af37736d1961e11afc949e4f
SHA1 hash: 88c59fabcc0c330db2f175ab3d3709c42de49736
MD5 hash: c95aac62951349689b82b3bd2a67bae0
humanhash: red-uranus-wyoming-timing
File name:EvPO21-5-2021TY.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 15:24:09 UTC
Last seen:2020-05-21 15:49:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c5113816ed776aa78770ad74815b75f7 (1 x GuLoader)
ssdeep 768:0D6BxICw+N1MySICoPaLH5bY+/mSB+4zLg7DsG2EzKTPrwwzbG1Ae+s:FpkpbLH55/mSB+40DsGXOj0+bG1AeV
Threatray 1'991 similar samples on MalwareBazaar
TLSH 50A318253A64E9F7DA348BF11D3116A4112BEC302DA10A47BAC63B1E3E335C6E876757
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: captevrix.com
Sending IP: 156.96.59.92
From: Lim Phek Jin<hello@captevrix.com>
Reply-To: legitworld04@gmail.com
Subject: Evergreen Group Pte Ltd - Request For urgent PO/Quotation
Attachment: EvPO21-5-2021TY.zip (contains "EvPO21-5-2021TY.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.Injector.EMBO.32466.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 15:35:39 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
045a0ca823585d73272d70c8b35e6a91c0fcbe5221a088f48db5e613a67be2a5
GuLoader
4b610516f134b6efb2100a2e298a70b573be1cd6c4d653af007b907f11ff065e
GuLoader
58faef99e4fcfd4f1b48907d4dcc145c0aa1013e43d938abd7a164ff46104975
GuLoader
5a30aa9032bf9eb86209f176404481e70fa108b689330a2544ce0b54fa959ab4
GuLoader
983a50787533f7fb48c7aeccfe0cc8ea3b16a76a39b22a1668ef800ed56556f6
GuLoader
ae6a500ab45e86279c34a92c49d12f73716f0a492075180cdad48a761bf38b49
GuLoader
cc5bec641350dbb0a00bd08c0c6d7b8e1b7f4d486a1319a0c09a9f7e9c7f4a0c
GuLoader
cd64991b42d0da07fa0c29055f701d4ea75669ccecdafb6f6ff69ea4f81ba76e
GuLoader
eec46d65be09a86f25c891d462671a7a0b3140ee4a8a6ac0a9fa7e1c56a8cb40
GuLoader
f3d5f3e56bf902a666f50102934c54c047caa046484b05c638d7718f35ce3d9f
GuLoader
+ 1'981 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-n3fz1f1xwe/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip e2e84e0580d1812fe04c00b4396e0b0429fb2b75970a850b1b37e1c7941b6a0f

GuLoader

Executable exe 2f0607e123ec42fad4de746e00964b252574247289a31ec96e9c63e93ac683e7

(this sample)

  
Dropped by
MD5 2d9e7c1662c90920eb52c16da7a1c6ff
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 e2e84e0580d1812fe04c00b4396e0b0429fb2b75970a850b1b37e1c7941b6a0f

Comments