MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50644eb4c3d4ce7aa1074c0096b43b2c4e7aaff4ce9e9a650c62ae934f85c081. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 50644eb4c3d4ce7aa1074c0096b43b2c4e7aaff4ce9e9a650c62ae934f85c081
SHA3-384 hash: ef2ca5ec6589e5a54310bfe749857a39c9df65ab07f166ba7130b7b44b0f619915774a16c920f6fa12b599d95c39a489
SHA1 hash: 3881053a2b4bc02140e1de9d1317970f525d3317
MD5 hash: ccbf1f9df84673d9fea0fdb50f915b0b
humanhash: july-three-saturn-table
File name:INV&PK Maersk.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 13:22:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6b737e78171d9e1903f2ff49a5cee902 (2 x GuLoader)
ssdeep 1536:9fSPfxV40UNwlczIeGpkgrKHxLdGKc+o0FDHdZ1gIwZZX060EI0ztrAR:oPXUW3KVdhjFD9z8DG5
Threatray 5'129 similar samples on MalwareBazaar
TLSH 5CB36B17EC888613D1544BBD3D138EB93A1EA91C49005FDF71396E9FAD326822C9726F
Reporter abuse_ch
Tags:exe FormBook GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: jsrnana.com
Sending IP: 23.254.167.224
From: Jackie - Maersk Logistics <usetolif@jsrnana.com>
Reply-To: Jackie - Maersk Logistics <usetolif@jsrnana.com>
Subject: Maersk Delivery Status: Shipping Docs Advice P.I 09498793
Attachment: INVPK Maersk.rar (contains "INV&PK Maersk.exe")

GuLoader payload URL:
http://ratamodu.ga/~zadmin/group/sen_AIYKO236.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6530/
Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 13:36:30 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kbse5ngd2thhviihjqajnnb3frhhvl7uz2pjuzimmkxjgt4fycaq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
25cafcbe57ac5344ade543948fbba1f8a5b99d424af61a7d4e9d806e7c66f79d
GuLoader
30bbf2043054b92e495bbd55f67e43b8eafce430bf31d8aaa4899385e503cdbe
GuLoader
4c841c5e0c2382fae670d7f41f7a75f8d8b2c1a03ff7d7c31eff98c1d9912308
GuLoader
b596016d60a01e5fb98389d4d8fb68acf6bd7ffd43726c39532da508073a9a3c
GuLoader
be4614de71b42f1015076a3c708c09f911091333bdca1792450eccddc5ab1484
GuLoader
c6aeb4ac138f69e967b712ddf91b7d5b2339e3a97d4fce6f7d48379745e2cb2e
GuLoader
c7544c2d4180660fc3a96f3b66b5caa0e168dcfbb35a870f1c576a152ed62348
GuLoader
d11cef47f0e97409844b3bc448cfabcfd7f97a4289012ba50e4b7175f5f4c870
GuLoader
e1ef53521aed004fe790b232883a12cb5f241ead4c81718b08ac0150323563d4
GuLoader
+ 5'119 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-xtdnn42zla/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

6486be31be5316596e5dcb86a4aabbf0

GuLoader

Executable exe 50644eb4c3d4ce7aa1074c0096b43b2c4e7aaff4ce9e9a650c62ae934f85c081

(this sample)

  
Dropped by
MD5 6486be31be5316596e5dcb86a4aabbf0
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6530/

Comments