MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a5b328942673d86edf79078433db7e953cb5665087b33f1be3b463fb775ddf1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5a5b328942673d86edf79078433db7e953cb5665087b33f1be3b463fb775ddf1
SHA3-384 hash: 32e85f195fa6db1ecfe585f3649b65c5303f9bb289ae2b14d3734a4d324a9589b21862c275c8c252b0802d4f14d740a6
SHA1 hash: 6faeaea00d07627124ff21c28d9e117bf3c3da0c
MD5 hash: 92032e0c275603789169e57a35afbe85
humanhash: ceiling-spring-bravo-batman
File name:WJ1PO20200527.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:16:40 UTC
Last seen:2020-05-27 17:49:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c5847800d8664ef26f29be19166ed6ff (1 x GuLoader)
ssdeep 1536:dXxPMkpWU3BHhFd/egyLApiVZlTfVipUeyBV:dXykpz9rdyEi1LVe4V
Threatray 477 similar samples on MalwareBazaar
TLSH 5FB3F703B5909E72D8359BB20E71D6591D32BD793A140F4B710CBB4E7836ADA2AF071B
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm49.hanmail.net
Sending IP: 203.133.180.237
From: 한석 이엔지 <ton-q@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.)
Attachment: 5-27-2020.img (contains "WJ1PO20200527.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1HdqVKHKQ4m2VOvXMBaT6NP89iiHpMFG9

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5747/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.50129.1541.19057.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 07:10:43 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
03b8ed717d92754a5002afcf6aff7e42e45330465bf2706bf6d8a53ba6f7250a
GuLoader
04f1d85359b1f2a91da1cbaf29c0dc00a838e69c018a95bda951cff1c482bfa5
GuLoader
0a1a06e6295b998e4bad7a627623b20ca2cf4a2aad41276c8887877553c14996
GuLoader
1d36ad7531393b119ef8e73253874e7af0f22f20a8072797d6ff243e7bb66bb8
GuLoader
3600e2ca432c06f2c37d370e2a70adbc1ed32e35ebfd177f1d7b09e0ceefcdd4
GuLoader
54b35c8b82d20ae8c2cf8204a8a56562364bbca46d434670369c6bd578bdfd6d
GuLoader
5fbfcfd0538505c1cb82e54b55461e7542a403b676b36a2500734f89b32bf2c8
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c9ab5be38ab7174e733c55d730b50c0e046dafbca139255af8791800a80cd32e
GuLoader
cb3361d5bf568aba34328c4ec4fc2b9dc0453cc935aa611236d4b5a08ad7d2a7
GuLoader
+ 467 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-18x64es53j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 95b8ce9cbf8175a0b58262bd3854b135a0937daa929a5f78f1d8cf9b17b3c258

GuLoader

Executable exe 5a5b328942673d86edf79078433db7e953cb5665087b33f1be3b463fb775ddf1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369933/
  
Dropped by
MD5 a9ee90371df7e7a747de0bb1f7f7800f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 95b8ce9cbf8175a0b58262bd3854b135a0937daa929a5f78f1d8cf9b17b3c258
Cape
Cape
https://www.capesandbox.com/analysis/5747/

Comments