MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6636e2fc73775db0845a29b062fbeb0ddf5f724909ba9507c51f57e4080de8be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6636e2fc73775db0845a29b062fbeb0ddf5f724909ba9507c51f57e4080de8be
SHA3-384 hash: 35b1ef66e9ae402634da051b87c6ed7fed632700e119faf783d373ca1efe15f4c7f3eeaa2db99bd4f7669be066e2392b
SHA1 hash: 1b6170a0499021ac26f3682281e5feb215bc6c55
MD5 hash: 03d8a7ca7d759cc79ca629e25f06b093
humanhash: oregon-east-nevada-edward
File name:Swift Copy #05262020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-26 17:39:49 UTC
Last seen:2020-05-26 19:06:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e6f416f878df706f4adeab61c2e76bad (1 x GuLoader)
ssdeep 768:FxA+FShZWP8iQuGH67QxUTuqYqtKsN92XqDXsHnjqvY+50AXAH:06ShSWOQxUTYqtKsNU2XsHjqvu
Threatray 821 similar samples on MalwareBazaar
TLSH 8DB3F82BB4E89C79FD2C9FF14C31D6A51D22AC243D408F537988F65D27B269B65A030B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: digamma.host-in-europe.com
Sending IP: 62.75.189.83
From: kudinova@otis.kz
Subject: PAYMENT CONFIRMATION
Attachment: Swift Copy 05262020 1.zip (contains "Swift Copy #05262020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1qYUmX20WRKNJ-qj07UpnANwa-iNG8v3B

Intelligence

File Origin
# of uploads :
2
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4936/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMDK.25004.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 18:35:23 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15b394d8f614faf02d551b0034f2882c052587d717fd4e0966919aeaf1e7ae87
GuLoader
25cafcbe57ac5344ade543948fbba1f8a5b99d424af61a7d4e9d806e7c66f79d
GuLoader
3c2fb53051873bdd9f851e47352dd4b303241a0224f458040dd5d06ac242cc7d
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
4f0f104299369b56354ff801426027cb3a4e1fa6a0ddfb4b2beba09b0b6a4db8
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
9b330bb1491b230182ada7cd439a91edbf552bae7494a2ce6ebf55726660b086
GuLoader
be4614de71b42f1015076a3c708c09f911091333bdca1792450eccddc5ab1484
GuLoader
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
GuLoader
e7cf4a0d3f94afea480bf5e64a658029d02191330244697ba9afd81dd5b56386
GuLoader
+ 811 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-xz33dj96d6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

be6a948c79ed92f7b58db35657ea9104

GuLoader

Executable exe 6636e2fc73775db0845a29b062fbeb0ddf5f724909ba9507c51f57e4080de8be

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369596/
  
Dropped by
MD5 be6a948c79ed92f7b58db35657ea9104
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/4936/

Comments