MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c23bde9d70af07e072c01489007afa4ba4c3672b168e2846f5c2b74c4a9c84a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4c23bde9d70af07e072c01489007afa4ba4c3672b168e2846f5c2b74c4a9c84a
SHA3-384 hash: 2a8f7a4d88f71b2dc368e697d96486b81bec7e6fcde54bfb2dbce45f685e02ebad4a49532ce4111165a4237aea6db0fd
SHA1 hash: ecbe4f0e941a1bebb6b58c688875dceb82479692
MD5 hash: 13f5da619a35e85eddc13dd98db445cf
humanhash: item-zebra-august-march
File name:WJ220200602.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-02 11:20:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 696a5a6ee1ba0ea781d2664639f5979f (1 x GuLoader)
ssdeep 1536:cAFO8lLihFYaEWgwBbclSLzwK9wXUaTbKxjipz:cLYatgwelUzwmTC
Threatray 5'116 similar samples on MalwareBazaar
TLSH 7E932A077BD58515F1B24B702E7B82996B25BC2A4D829A0F354D1E4B7B307629CAC33F
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm29.hanmail.net
Sending IP: 203.133.180.213
From: 관세법인 영진 <yw5900@daum.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.
Attachment: WJ220200602.cab (contains "WJ220200602.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1QlyfqBw80FfX4nndjdakVUAjsDuF7dFE

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6096/
Detection(s):
Win.Trojan.VBGeneric-7995208-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 10:22:00 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jqr332oxblyh4bzmafejab5pus5eyntswfuofbdplqvxjrfjzbfa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
0abe72d915f50b2a21fc3cafc52152db81bef2a16be4ccde68e64942bf927af1
GuLoader
2460c3a92796b5c40abef5471ee446623489b3c1bfb70f1015ab74961d477561
GuLoader
4359188e33f22ea7022cb6e57a3870f2613a1c37dbc483475e02b38cde5bfa8e
GuLoader
5e76ddd6dfa4215c3dbd7269318d15a5e5fae698e65600df0aa3f16639d8fc44
GuLoader
6f95416c1006a499c7012c6cde49a27f83223c665cf9b28764030afeb04bf697
GuLoader
92574e92ed7461639393ef09258609b637fc5e68341c5fe13e460f2dff705d0d
GuLoader
9daa8e87928b88143b9482b989764524754c86d142027ccaad1fc452f52c1765
GuLoader
b1ab330d8407adbc0731fd66b869bca53515ccf732d1ad498515e5e04f993de4
GuLoader
e273d82c782a01c388cc619e6832bfb43301f4308884751b9393262302fc84c0
GuLoader
+ 5'106 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-z2ltqs91f6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

cab 843a7df2df686644009fed21292ef6d17a7700bc3e8e13374a9568be4729d1c0

GuLoader

Executable exe 4c23bde9d70af07e072c01489007afa4ba4c3672b168e2846f5c2b74c4a9c84a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374176/
  
Dropped by
MD5 949364a12a8d8aa5c8a22579b44fe537
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6096/
  
Dropped by
SHA256 843a7df2df686644009fed21292ef6d17a7700bc3e8e13374a9568be4729d1c0

Comments