MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4da0526019c843ade96399a33f2a5e9a9d8e415d69859ee8c7874439956c131c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4da0526019c843ade96399a33f2a5e9a9d8e415d69859ee8c7874439956c131c
SHA3-384 hash: d18fba16bf7ff6f3cc4e9a0cc824262cb1b42a89a81153251bee4aef80c533a70a5d8043d0bdc176245e566e9185f8d2
SHA1 hash: 582c39ade9c189a21b9d3ccc6c263371b0a44f50
MD5 hash: c452f3c565c02215b8615b26f61777f0
humanhash: timing-idaho-muppet-snake
File name:Filmmssigebal9.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 07:36:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 406b236b58e1d43e50859ccf88f8fd24 (1 x GuLoader)
ssdeep 768:v+czZy1clkJCYhqSGzhMEe+1TwDvbzt7HhMH74iwpZlpKE6QPHHF2hz22mTo:f0KlkIYAyx+VwDvb1ebSFYQPHl25oo
Threatray 826 similar samples on MalwareBazaar
TLSH 11B3F723B5F8BC91EC42CEB259D26EA41D62BCA51C105F07745FF72E283A5E52FB0606
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.example.com
Sending IP: 103.114.106.250
From: Jason Bourne <admin@mogioan.cf>
Subject: NEW FOB KWANGYANG Seaport Korea to Karachi Seaport Pakistan.====OLYMPIA
Attachment: NEW FOB KWANGYANG_images_.rar (contains "Filmmssigebal9.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1T5CJ00ZJFsLm6bvBZgXGXd9nqoeKd21O

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5631/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 16:12:16 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
3c2fb53051873bdd9f851e47352dd4b303241a0224f458040dd5d06ac242cc7d
GuLoader
60201a00a9f96b8efea761e31e3483a7a5bfd04ad66f766b3dd7b24e00664069
GuLoader
610ab1c6d1d8f59195b85cc6bfb496adb9e6ce8d2f4e6764b84eae8bb5ae2cc9
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
9be235495bd4696901a7e0538b3d96f6996268c67c1b607cdc8e33a794a6a9da
GuLoader
b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59
GuLoader
b894523c9beb2e22e87d705de2f9f48a907f82a2cd9c55c3dc0c1ca186fcef20
GuLoader
d335fad41e3f9b09effaf617e6c56554b667191c9c94f4b644a15b396408858b
GuLoader
d9ea7ed19010ef0c36ebd05d5abfd5624e21a33ad5e18ca36007671d86eba8b3
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
+ 816 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-15wnbb6s9s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 47c5eb7a419ecd3748cfa2ad302ad6fbc374c17f146cc79e9ff5ecfffb03b73a

GuLoader

Executable exe 4da0526019c843ade96399a33f2a5e9a9d8e415d69859ee8c7874439956c131c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368643/
  
Dropped by
MD5 a8864b92b7a89ae6b9b0a0b8780d95ff
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 47c5eb7a419ecd3748cfa2ad302ad6fbc374c17f146cc79e9ff5ecfffb03b73a
Cape
Cape
https://www.capesandbox.com/analysis/5631/

Comments