MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6987962aebbf833513cc85fd4ec26d215170035ee60e69bd2cc2e25b6e9a6d46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: 6987962aebbf833513cc85fd4ec26d215170035ee60e69bd2cc2e25b6e9a6d46
SHA3-384 hash: 4c0cf1bdcdbc971351dc4892335b5f3c395b1bd45b3f2982c385eef7d74b1fe0267da9d1f7f2da3d52024d587354e33c
SHA1 hash: ed3355e2fb438cad0c43196a0c5080212d20185b
MD5 hash: 50c4676c6636559cb849c9e51afc6b7b
humanhash: pizza-island-equal-mexico
File name: Ref9599229.exe
Signature: GuLoader
File size: 135'168 bytes
First seen: 2020-05-12 15:24:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d56312210482ca0f49056725c78d89ad (1 x GuLoader)
ssdeep: 3072:jch8XDcxJoLnqiYdm67qB4q7sL94/oMXe9bnVqZ48fYt3MbijtkjmG4orF3LRfs2:jchec
Threatray: 765 similar samples on MalwareBazaar
TLSH: 93D3524BE230F752C70510F17BA916EA92ED9D7858A4C503EBD072FE67B9B05E422393
Reporter: abuse_ch
Tags: exe GuLoader
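Before spending analysis time on a file pulled from the archive, confirm it is the sample this entry describes. The Python check below is an added example, not MalwareBazaar's own tooling: it recomputes the four digests listed above (MD5, SHA1, SHA256, SHA3-384) plus the file size and reports every mismatch. The file path is an assumption; point it at the extracted executable.

```python
"""Verify that a local file matches the MalwareBazaar entry for this sample.

Added example, not part of the MalwareBazaar page. The digests and size are
copied from the entry above; the file path is an assumption.
"""
import hashlib
import sys

# Digests copied from the MalwareBazaar entry for this sample.
EXPECTED = {
    "md5": "50c4676c6636559cb849c9e51afc6b7b",
    "sha1": "ed3355e2fb438cad0c43196a0c5080212d20185b",
    "sha256": "6987962aebbf833513cc85fd4ec26d215170035ee60e69bd2cc2e25b6e9a6d46",
    "sha3_384": "4c0cf1bdcdbc971351dc4892335b5f3c395b1bd45b3f2982c385eef7d74b1fe0267da9d1f7f2da3d52024d587354e33c",
}
EXPECTED_SIZE = 135168  # 135'168 bytes in the entry


def compute_hashes(data: bytes) -> dict:
    """Return lowercase hex digests for the four algorithms MalwareBazaar lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED}


def verify_sample(data: bytes, expected: dict = EXPECTED,
                  expected_size: int = EXPECTED_SIZE) -> list:
    """Return a list of mismatch descriptions; an empty list means the bytes match."""
    problems = []
    if len(data) != expected_size:
        problems.append(f"size {len(data)} != {expected_size}")
    actual = compute_hashes(data)
    for name, want in expected.items():
        if actual[name] != want.lower():
            problems.append(f"{name} mismatch: got {actual[name]}")
    return problems


def verify_file(path: str) -> list:
    """Read the file and compare it against the entry."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read())


if __name__ == "__main__":
    # Assumed default path; the sample name in the entry is Ref9599229.exe.
    target = sys.argv[1] if len(sys.argv) > 1 else "Ref9599229.exe"
    issues = verify_file(target)
    print("OK: matches the MalwareBazaar entry" if not issues else "\n".join(issues))
```

Samples are served inside a password-protected archive, so hash the extracted executable, not the archive. A size or digest mismatch usually means a wrong file was extracted, the download was truncated, or the file was modified (for example by an AV product) on the way in.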


abuse_ch
Malspam distributing GuLoader:

HELO: omav.com
Sending IP: 45.147.231.57
From: Sales<sales@omav.com>
Subject: NEW Order Ref:9599229/D0040
Attachment: Ref9599229.img (contains "Ref9599229.exe")
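The indicators in the comment above (HELO name, sending IP, From address, subject and the .img attachment) can be turned directly into a mail-gateway triage rule. The Python below is an added example, not code from abuse.ch or MalwareBazaar; the key=value log format and the log lines are constructed for illustration, and the subject regex generalises the single subject in the comment to any reference number, which is an assumption made here.

```python
"""Triage mail-gateway log lines against the malspam indicators in the
abuse.ch comment on this entry. Added example; log format and lines are
constructed, not real telemetry."""
import re
import shlex

# Indicators copied from the abuse.ch comment.
IOC_HELO = "omav.com"
IOC_SENDING_IP = "45.147.231.57"
IOC_FROM = "sales@omav.com"
# The comment shows one subject, "NEW Order Ref:9599229/D0040". Matching any
# digits in the reference numbers is an assumption, not something the entry states.
IOC_SUBJECT = re.compile(r"^NEW Order Ref:\d+/D\d+$")
# The lure wrapped the executable in a disk-image (.img) attachment.
IMG_ATTACHMENT = re.compile(r"\.img$", re.IGNORECASE)

# Constructed log lines in a hypothetical key=value gateway format.
SAMPLE_LOG = """\
ts=2020-05-12T15:20:01Z helo=omav.com ip=45.147.231.57 from=sales@omav.com subject="NEW Order Ref:9599229/D0040" attachment=Ref9599229.img
ts=2020-05-12T15:21:44Z helo=mail.example.org ip=203.0.113.10 from=alice@example.org subject="Re: lunch" attachment=menu.pdf
ts=2020-05-12T15:23:09Z helo=omav.com ip=45.147.231.57 from=sales@omav.com subject="NEW Order Ref:9599231/D0041" attachment=Ref9599231.img
ts=2020-05-12T15:25:30Z helo=relay.example.net ip=198.51.100.7 from=bob@example.net subject="Invoice attached" attachment=scan.img
"""

# Sender-side indicators are treated as strong; subject and attachment
# type alone are weak (legitimate disk images and similar subjects exist).
STRONG = {"sending-ip", "helo", "from-address"}


def parse_line(line: str) -> dict:
    """Split one key=value line into a dict; shlex keeps the quoted subject intact."""
    fields = {}
    for token in shlex.split(line):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def match_indicators(fields: dict) -> list:
    """Return the names of the indicators a parsed message matches."""
    hits = []
    if fields.get("ip") == IOC_SENDING_IP:
        hits.append("sending-ip")
    if fields.get("helo", "").lower() == IOC_HELO:
        hits.append("helo")
    if fields.get("from", "").lower() == IOC_FROM:
        hits.append("from-address")
    if IOC_SUBJECT.match(fields.get("subject", "")):
        hits.append("subject-pattern")
    if IMG_ATTACHMENT.search(fields.get("attachment", "")):
        hits.append("img-attachment")
    return hits


def triage(log_text: str) -> list:
    """Return (line_no, verdict, hits) for each line matching at least one indicator.

    Verdict is "block" when any strong indicator matches and "review" when only
    weak ones do, so a lone .img attachment is surfaced but not auto-blocked.
    """
    results = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        hits = match_indicators(parse_line(line))
        if not hits:
            continue
        verdict = "block" if STRONG & set(hits) else "review"
        results.append((n, verdict, hits))
    return results


if __name__ == "__main__":
    for n, verdict, hits in triage(SAMPLE_LOG):
        print(f"line {n}: {verdict:6s} {', '.join(hits)}")
```

Sending IP and HELO are the most durable of these indicators for gateway blocking; the From address and subject are trivially changed by the sender, and the .img attachment type is worth a review queue rather than an outright block unless your environment never exchanges disk images by mail.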

Intelligence

File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-12 15:35:57 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Sample: Executable exe 6987962aebbf833513cc85fd4ec26d215170035ee60e69bd2cc2e25b6e9a6d46 (this sample)
Signature: GuLoader
Dropped by: MD5 9d170cb558522c8f2d9671b4a15b2a89
Delivery method: Distributed via e-mail attachment

Comments