MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a4aa699e0c5c52be67ef44ccb37c96c9ec92879f2b0147d985a9e998816d343. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a4aa699e0c5c52be67ef44ccb37c96c9ec92879f2b0147d985a9e998816d343
SHA3-384 hash: 4ecea63fabd9a36a85b66f23e382be4fab15ac1960ddbacd2c880f705ec5b8b7cb1d91a3b4ac99b9c025b8e9882b5913
SHA1 hash: af1dd84467c7d61998827ce0d699e395f5376a52
MD5 hash: 0758be3be424243fa46f85deaa18413e
humanhash: steak-lima-crazy-snake
File name:New Inquiry-39832-GNMX.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:17:05 UTC
Last seen:2020-05-27 17:50:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e1e5ff36c7ba52a21fe1a622dfff8937 (2 x GuLoader)
ssdeep 1536:iocd2L/wNmxE0P1VI1/yxnG1NyR5a0d1tF+inrG4sa58aC7Mw4CJITONFDXU:il2LcmHP1P/2fbgOzDE
Threatray 46 similar samples on MalwareBazaar
TLSH 64B31A5B75C1AD73EE358FB3497295911D32BC212F040FAB7245BB4ED6321DA2AA031A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: host.switchgroup-sd.com
Sending IP: 192.151.145.170
From: mohammed.alliadi@switchgroup-sd.com
Subject: New Inquiry
Attachment: New Inquiry-39832-GNMX.rar (contains "New Inquiry-39832-GNMX.exe")

GuLoader payload URL:
http://skinnybean.org//wp-admin/a1/007_WiwDCbZMN161.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5749/
Detection(s):
SecuriteInfo.com.Variant.Jaik.40167.20586.3809.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 10:06:47 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1180c43e3a157c4281bb941803b47646935489139498167e6877822744d275c8
GuLoader
4f58248f7b2fe19b063a5df2d076b9014ba98090523db6ee9199e04357fe5917
GuLoader
60a29266c95ea0804f9ac2ac669d0999bd484bdb94b557a6068479a08bee287f
GuLoader
7e72084065a862db54cde005432cbced6d6955d9d67380befbc5aa1a0eaa8247
GuLoader
80a97f4835c03468d5e6bc49c7d95c5e31bdcec4106364a0282ef5d6aa3a41c9
GuLoader
86df8967bdd2d2f92df86193d138e2e4c15957e091644e2efef7687de49b6c02
GuLoader
887de911a26e0008429adcba8abc212d36423fae62d40aa1df57e2883db77d45
GuLoader
92b3287ca777166f9231da535aa5248d3508ffdae60a53e378316ac079b9b60c
GuLoader
9c6ce0c9e8796042fe6202de1b60ea132bcf1c3c06dd4fdd305ec80ad3d17346
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
+ 36 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ddc7a38rr6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 47e68a3cfef9c1fdf089a895de4842eb635ce2ca180742789d445c2587d0bdcd

GuLoader

Executable exe 6a4aa699e0c5c52be67ef44ccb37c96c9ec92879f2b0147d985a9e998816d343

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369934/
  
Dropped by
MD5 f9a94ec7350ef8dae02f9cbb2f48f6c7
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 47e68a3cfef9c1fdf089a895de4842eb635ce2ca180742789d445c2587d0bdcd
Cape
Cape
https://www.capesandbox.com/analysis/5749/

Comments