MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 520529fc3ccecc89fe03add329fc847461f7b11d77673afc8886f8d48bc10b76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 520529fc3ccecc89fe03add329fc847461f7b11d77673afc8886f8d48bc10b76
SHA3-384 hash: ce2a5368ba60a6e9caacdc9a02b5a711a43e3142fed4ca642a716dec6842d791ac66f77ae8d8ba2df1a855f60c7465af
SHA1 hash: 9995d68387394de9f9db497e80849d4f4672cc41
MD5 hash: c1ce8ec7a7ab948ba71ef75a04ea21fb
humanhash: double-oranges-vermont-beryllium
File name:Obieforpuppelums.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 11:22:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 88d49811fcf424b8c3921e21ec8db10d (1 x GuLoader)
ssdeep 768:6CVt6DHi6PGvgAAG8balfrnTZXvS7hK7CiRY4fzLfriVuiplHmZpjiJNIxvw71ys:fVh6eYACulfrntGr27rigiQW71ys
Threatray 270 similar samples on MalwareBazaar
TLSH 21B3E606B1DA6D7AEC308FF15A309A712D36BE202D258B073C0DBBAE74725CD25B5316
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mailer12.incnets.com
Sending IP: 210.6.92.80
From: info@keiipeng.corp.com.hk
Subject: Purchase Order
Attachment: Purchase Order_pdf.gz (contains "Obieforpuppelums.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1_yKHgMC0aIDVK_AEEVqmsHVZ1GUsllrT

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/4962/
Detection(s):
Win.Malware.Guloader-7900546-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 11:36:55 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d
GuLoader
0fc6717ef7ff0ae8d2a2add4303127af4693cfa5abb81a5a3a3e06b079051b8e
GuLoader
110f27da9c8dc85e0c193a5d4bdade5019e4a1f9ffea49e9b3dc8eb069e2dbcc
GuLoader
1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511
GuLoader
358178b74d9ff1457dab5015e5d10aa18a3b95d50a5a821568886672dfde97f3
GuLoader
41d2f9ef245a688081894e9983a5094d9beb6d84bda7d057ecc15a247aea6a06
GuLoader
44ccaaf3cc76edd1e184d8c65b13db79638fcbf8ed37b5883c34a1a8a7700901
GuLoader
5b5eab7a12fdfc6cc39e39193b7a9020ee46e72acac70033236ef9b6b2da32c7
GuLoader
619ed29c59b4f6a8ad37d7ae185713c12899726ed88fcc03524430669f4a3c6c
GuLoader
8499aa17997bfbe03592e33e82df1c674f1b57ba3d372355e690b9468ea6fea2
GuLoader
+ 260 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-h6x1thlm1x/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 219ac3823d6ca7f681f9305b038b9c33041f4af1fe963e35068594b0b693a899

GuLoader

Executable exe 520529fc3ccecc89fe03add329fc847461f7b11d77673afc8886f8d48bc10b76

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368808/
  
Dropped by
MD5 2b52020b327a1e97fba8a68590920717
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 219ac3823d6ca7f681f9305b038b9c33041f4af1fe963e35068594b0b693a899
Cape
Cape
https://www.capesandbox.com/analysis/4962/

Comments


Avatar
CAPE Sandbox commented on 2020-05-27 10:10:16 UTC

#AgentTesla V2

https://capesandbox.com/analysis/4962/