MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63b3643da0804ac1ddc37ae59c80175a0c22d17ee37e7a0c5cfd3a4d20b7c926. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 63b3643da0804ac1ddc37ae59c80175a0c22d17ee37e7a0c5cfd3a4d20b7c926
SHA3-384 hash: 6b442572a0c8733130fabd0944a610df43be562d2744608aa76cc2aac3bd976b5ddc584ef950789d3f72f8654c3c8b01
SHA1 hash: 7d56875b993b39878d9b0c63fdd0de27a1775abf
MD5 hash: 8792d288fc8d9e1297979c028e0d5686
humanhash: carpet-spaghetti-jig-pennsylvania
File name:Reference Model Nr 0017.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:126'976 bytes
First seen:2020-05-26 09:09:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3a49438d2b6a3c4bd61cf03ee05526c8 (1 x GuLoader)
ssdeep 1536:KxSczqCfBempBDXwgR6OHFHAvYEv7Lp/rIXGy6/8hw4beK:GScz4MB7HFKpDXF4L
Threatray 1'119 similar samples on MalwareBazaar
TLSH D9C3295375A98CA1DC598FB14D5B566B2E32AD3078185F0B3646F32C2B335CA3EB4B06
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: Joao Pedro <joao.pedro@socimavis.com>
Subject: Mundão Industrial Model inquiry
Attachment: Reference Model Nr 0017.zip (contains "Reference Model Nr 0017.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=16-Vs4QDYte56tXmeY9eje60pnA6QR3X_

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5677/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:36:55 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
06ff22b8f0ffe174b0272b21ed6e0761671398e1c7a3e60dc0f5db55fa156193
GuLoader
14bd280177ece118d671795a8b372a0d7de0f3ad3b842ed35726d9b587cb1608
GuLoader
25cafcbe57ac5344ade543948fbba1f8a5b99d424af61a7d4e9d806e7c66f79d
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
8e0a0197eadbdfea56a208c154e22edbd19dd23e429a75a93d5cd05560ce7ff6
GuLoader
b867c39938c7f9800c4a4da862d641a08e2faa3a695c8e41242ff61e767e4cb4
GuLoader
c62acb5894988284f4effb5bd8ece3701c9fe7854d865bb75f2eb447556d9c8f
GuLoader
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
GuLoader
e78024e5a271686a09ed988baa347a537c0cf49abb6966f434f4d350d06d9115
GuLoader
+ 1'109 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-eb5n8t5njn/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip b538ea27bd4b8e4d108a05b8d83a044e034951be368a6afe6e3596cc05cf3741

GuLoader

Executable exe 63b3643da0804ac1ddc37ae59c80175a0c22d17ee37e7a0c5cfd3a4d20b7c926

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368730/
  
Dropped by
MD5 112a3c59e5ffc4311c1bb1eda70bc997
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b538ea27bd4b8e4d108a05b8d83a044e034951be368a6afe6e3596cc05cf3741
Cape
Cape
https://www.capesandbox.com/analysis/5677/

Comments