MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6591794758496511c22b638fc57b5d58943670a72568dfa92f29a08c501c73d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 6591794758496511c22b638fc57b5d58943670a72568dfa92f29a08c501c73d6
SHA3-384 hash: 6b3ff0252638ef28ac92097ac75f675286ada29febb5667f0ff4e6faa0d2c1727a08a3dde29413a35475809cc53f6508
SHA1 hash: c05cd1b78622bdbc62ba13e107b56f56120587b0
MD5 hash: c6cd79f42a1495c89ccfc7690e37c979
humanhash: pip-sad-foxtrot-seventeen
File name: Snap6.exe
Signature: GuLoader
File size: 53'248 bytes
First seen: 2020-05-28 18:05:19 UTC
Last seen: 2020-05-28 19:01:35 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: dd234279c483983bebb77dc199208ef1 (1 x GuLoader)
ssdeep: 768:1fZmy3N4TX+1v602a2g+76bJEdyVOKziecjSjuRII:1fhC7+1v3H668yVOCliSjlI
Threatray: 1'601 similar samples on MalwareBazaar
TLSH: B4332827EA285017F14A82B15A52D9927A37FC329E01DD1B2A81FE5D5D34983B4F231F
Reporter: abuse_ch
Tags: exe GuLoader
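
A practitioner who pulls a suspect file (for example the extracted attachment) usually wants to confirm it is this exact sample before spending analysis time on it. The following script is an added example, not code from MalwareBazaar or abuse.ch: it streams a file through MD5, SHA-1, SHA-256 and SHA3-384 in one pass and compares the result with the hashes listed above. The `verdict` logic treats only the SHA-256 / SHA3-384 match as an identification; an MD5- or SHA-1-only match is reported separately because those algorithms are collision-prone. imphash, ssdeep and TLSH need third-party libraries and are left out.

```python
import hashlib
import io

# Hashes copied from this MalwareBazaar entry (Snap6.exe, tagged GuLoader).
MB_ENTRY = {
    "md5": "c6cd79f42a1495c89ccfc7690e37c979",
    "sha1": "c05cd1b78622bdbc62ba13e107b56f56120587b0",
    "sha256": "6591794758496511c22b638fc57b5d58943670a72568dfa92f29a08c501c73d6",
    "sha3_384": (
        "6b3ff0252638ef28ac92097ac75f675286ada29febb5667f0ff4e6faa0d2c172"
        "7a08a3dde29413a35475809cc53f6508"
    ),
}

ALGOS = ("md5", "sha1", "sha256", "sha3_384")


def digest_stream(fh, chunk_size=1 << 20) -> dict:
    """Feed a binary stream through all four hash objects in a single pass."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    """Wrapper for in-memory data, e.g. an attachment pulled out of a mail."""
    return digest_stream(io.BytesIO(data))


def digest_file(path) -> dict:
    with open(path, "rb") as fh:
        return digest_stream(fh)


def compare(digests: dict, entry: dict) -> dict:
    """Per-algorithm equality (case-insensitive) for algorithms both sides list."""
    return {
        name: digests[name].lower() == entry[name].lower()
        for name in ALGOS
        if name in digests and name in entry
    }


def verdict(digests: dict, entry: dict = MB_ENTRY) -> str:
    """Only SHA-256 / SHA3-384 identify the sample. MD5 and SHA-1 are
    collision-prone, so a match on those alone is a collision or a
    mis-transcribed indicator, not the same file."""
    hits = compare(digests, entry)
    if hits.get("sha256") or hits.get("sha3_384"):
        return "identical-sample"
    if hits.get("md5") or hits.get("sha1"):
        return "weak-hash-match-only"
    return "no-match"


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        d = digest_file(path)
        print(path, d["sha256"], verdict(d))
```

Run it as `python check_sample.py Snap6.exe`; anything other than `identical-sample` means you are not looking at the file this entry describes.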


abuse_ch
Malspam distributing GuLoader:

HELO: box.graetfoodgroup.com
Sending IP: 142.11.195.72
From: Salil Johory <dipak@graetfoodgroup.com>
Subject: Re: Wire Transfer Confirmation 100261804
Attachment: Scan0001.pdf.z (contains "Snap6.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1VDDr13QB-SbZaBWx30W2Z7lMfIeRUu_3
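
The comment above gives the full delivery chain for this sample: the sending host, its HELO, the spoofed-looking sender, the lure subject and a double-extension archive attachment. The script below is an added example, not part of the abuse.ch comment or of MalwareBazaar: it parses a raw message with the standard library, pulls the HELO and connecting IP out of the Received headers, and reports which of the listed indicators the message matches, plus a generic check for the `document.ext.archive` naming pattern. The sample message is constructed to reproduce the reported headers and is not a real capture; the hostname `mx.example.test` and the Received-header layout are assumptions.

```python
import email.utils
import re
from email import policy
from email.parser import BytesParser

# Indicators taken from the abuse.ch comment on this entry, copied verbatim.
MALSPAM_IOCS = {
    "helo": "box.graetfoodgroup.com",
    "sending_ip": "142.11.195.72",
    "from_addr": "dipak@graetfoodgroup.com",
    "subject": "Re: Wire Transfer Confirmation 100261804",
    "attachment": "Scan0001.pdf.z",
}

# Common "from <helo> (<rdns> [<ip>])" layout of a Received header (assumed).
# Only the header written by your own border MTA is trustworthy; the ones
# below it were added by the sender's side and can be forged.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(.*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]", re.S
)

# Generic catch for the lure pattern: a document-looking name ending in an
# archive extension (Scan0001.pdf.z carried Snap6.exe).
DOUBLE_EXT_RE = re.compile(
    r"\.(pdf|docx?|xlsx?|jpe?g|png)\.(z|zip|rar|7z|gz|ace|iso|img|arj)$", re.I
)


def received_hops(msg):
    """Yield (helo, ip) for every Received header that matches RECEIVED_RE."""
    for value in msg.get_all("Received") or []:
        m = RECEIVED_RE.search(str(value))
        if m:
            yield m.group("helo").lower(), m.group("ip")


def attachment_names(msg):
    return [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]


def score_message(raw: bytes, iocs=MALSPAM_IOCS) -> dict:
    """Return a dict of indicator name -> matched (True/False)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hops = list(received_hops(msg))
    from_addr = email.utils.parseaddr(str(msg.get("From", "")))[1].lower()
    names = attachment_names(msg)
    return {
        "helo": any(h == iocs["helo"] for h, _ in hops),
        "sending_ip": any(ip == iocs["sending_ip"] for _, ip in hops),
        "from_addr": from_addr == iocs["from_addr"],
        "subject": str(msg.get("Subject", "")).strip() == iocs["subject"],
        "attachment": iocs["attachment"] in names,
        "double_extension": any(DOUBLE_EXT_RE.search(n) for n in names),
    }


# Constructed message reproducing the reported headers; not a real capture.
SAMPLE_MSG = b"""Received: from box.graetfoodgroup.com (box.graetfoodgroup.com [142.11.195.72])
\tby mx.example.test (Postfix) with ESMTPS id 4F3A2C1
\tfor <victim@example.test>; Thu, 28 May 2020 18:02:11 +0000 (UTC)
From: Salil Johory <dipak@graetfoodgroup.com>
To: victim@example.test
Subject: Re: Wire Transfer Confirmation 100261804
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Please find the confirmation attached.
--b1
Content-Type: application/octet-stream; name="Scan0001.pdf.z"
Content-Disposition: attachment; filename="Scan0001.pdf.z"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

if __name__ == "__main__":
    for name, hit in score_message(SAMPLE_MSG).items():
        print(f"{name:17} {'HIT' if hit else '-'}")
```

The exact-match indicators (HELO, IP, sender, subject) are short-lived and will stop firing as soon as the campaign rotates infrastructure; the `double_extension` check is the one worth keeping in a mail gateway rule, since the archive-wrapped-"document" lure outlives any single sender.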

Intelligence


File Origin
# of uploads: 2
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 18:37:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 31 (74.19%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
Executable exe 6591794758496511c22b638fc57b5d58943670a72568dfa92f29a08c501c73d6 (this sample)

Delivery method: Distributed via e-mail attachment

Comments