MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e1e5f69c17b7f7d578fe65b19f72e43b04752db32fb0c2c6ecc89b97ce0f01f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5e1e5f69c17b7f7d578fe65b19f72e43b04752db32fb0c2c6ecc89b97ce0f01f
SHA3-384 hash: e225137945f4fcd7b2c76d5297253fe0d1222a15de13a2bde513218bbe6f611f12291063f30b7e667da44aaee8f36574
SHA1 hash: dd7f0996468c90f281f20d1729fe255d7ba6792c
MD5 hash: d633520811ff99284718ffdb2d5440f1
humanhash: solar-undress-nebraska-triple
File name:Payment details.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-25 13:24:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f18c8398c09e8284b5a82a5315383c8b (2 x GuLoader)
ssdeep 1536:wlPsz4pEjFIX6pcW83NuKC74KxL5HHZ9D:uPBEZIqgNjC74Kx5
Threatray 5'109 similar samples on MalwareBazaar
TLSH 27B3D72AB7D8AC82EC567EF00FD15E740D12BC615C108B47BA0FBB4D3A361962FA124D
Reporter abuse_ch
Tags:GuLoader scr


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: vps.aquawetsenterprises.com
Sending IP: 45.95.169.142
From: Accounts <info@aquawetsenterprises.com>
Subject: Re: Payment Details
Attachment: Payment details.rar (contains "Payment details.scr")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=132aGbCFOLWMJa0jPqMcb_11GJdIV_N67

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5559/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33901320.8741.26850.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 10:18:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
GuLoader
27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
GuLoader
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
GuLoader
3bd58e3b3fe712e8d7595cfbd576a96251c68a5dac230bd3e778640e8eb817ec
GuLoader
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
GuLoader
916237116e09e4233846389b7410a8ccc7e7ef96c0ed97c3fdb19a08499504af
GuLoader
9fba6ffeb90dd242748718d8272a4942496e76a4f68bdb4dd42f93b044b5ed50
GuLoader
a7cfc6a8e508a244063a4190921f1c91e30712838282fb20b8bcdb24b138bb9e
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
GuLoader
+ 5'099 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-v99bjc2mwa/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 79aa2da1836f97b7f4e58ab60e4306d79540aa4bc35e4aba822bfe0a1f587059

GuLoader

Executable exe 5e1e5f69c17b7f7d578fe65b19f72e43b04752db32fb0c2c6ecc89b97ce0f01f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367855/
  
Dropped by
MD5 a1add8fac84adf0e652627414ecc9763
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 79aa2da1836f97b7f4e58ab60e4306d79540aa4bc35e4aba822bfe0a1f587059
Cape
Cape
https://www.capesandbox.com/analysis/5559/

Comments