MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f58248f7b2fe19b063a5df2d076b9014ba98090523db6ee9199e04357fe5917. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f58248f7b2fe19b063a5df2d076b9014ba98090523db6ee9199e04357fe5917
SHA3-384 hash: 3d0b6b5948df9441c73d3bce1518efeee11209f2a1acdf94e99140214081807b19d542e8518fc6b2600392bfdf58d79e
SHA1 hash: de50d32a561f16c4c29f3ff2dca2626b380dadb1
MD5 hash: 8ecf4598aff47b280c734add861e30a4
humanhash: montana-mississippi-sierra-four
File name:20200521.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:40:52 UTC
Last seen:2020-05-21 09:51:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d2ed7108b3a3790fd4b760daf0b7cce7 (4 x GuLoader)
ssdeep 768:KonbmzDiir6IEe6CA8HgZ4LEsRG1YyhJP7oLPNtrmaBmCi:lbmzDDryevEsRcYynPMhs4mv
Threatray 5'091 similar samples on MalwareBazaar
TLSH 77A3E621F9A4ECB0D93543FD5E728E98112BEC794E22CE4730C6775D2AF6588A4F170A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm37.hanmail.net
Sending IP: 203.133.180.225
From: 이재호 <bbhbbs@hanmail.net>
Subject: 요청자료목록
Attachment: 20200521.IMG (contains "20200521.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1TEWrW1QSLXn6sGRHrBAnEVVcrODf4rE5

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47920.4078.23117.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 23:49:00 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=j5mcjd33f7qzwbr2lxzna5vzaff2taeqki63n3urthqegv76lelq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
30efd997c49aae97766539c72d72529b06f1e8522ea84e71758cde4ed1846921
GuLoader
344d949f94b4420c0cd7772fa786e17059d5599df223a93ef999ea2c663ad8be
GuLoader
347aa505ad319b4d8ee54aabe34dfc2af12b4747af23c6b635821ba9aedd0e32
GuLoader
4359188e33f22ea7022cb6e57a3870f2613a1c37dbc483475e02b38cde5bfa8e
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
590fde182a154cd89b15d88546d60351b9fecb51e04fbbf4affd8d49a618bd23
GuLoader
897c29c75ae58e4057c0d32c3704469a7ecfa4878f5d0c60ad8abe2fa821b0b0
GuLoader
c7544c2d4180660fc3a96f3b66b5caa0e168dcfbb35a870f1c576a152ed62348
GuLoader
cfc1cfcb5119cb196b34e5905578d55e2afd871f2b93f820637e6386168892c5
GuLoader
d9ea7ed19010ef0c36ebd05d5abfd5624e21a33ad5e18ca36007671d86eba8b3
GuLoader
+ 5'081 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-fwywapxmq2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img ec67a927c8d9efc338079a3992515ce8469c6eab8c2bbba3f43d9f504bd474f4

GuLoader

Executable exe 4f58248f7b2fe19b063a5df2d076b9014ba98090523db6ee9199e04357fe5917

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365527/
  
Dropped by
MD5 d26ed19760e997919d2148c15ff8fc51
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ec67a927c8d9efc338079a3992515ce8469c6eab8c2bbba3f43d9f504bd474f4

Comments