MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6cfa6754f2c32d3856972eceda81e57c0a274c80419482b6fe3910966b67a114. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6cfa6754f2c32d3856972eceda81e57c0a274c80419482b6fe3910966b67a114
SHA3-384 hash: 3736dd153a10a12aaa7dbb16d74ce5f781dd01b77460371d3b6648e50c5dd12adc41f150064a91a7d268d7770eb5a92c
SHA1 hash: 2a19275bb8aa77420263622d1ef3ad60b937ee47
MD5 hash: fdc6916e51e6948657b23128f159e0f7
humanhash: maine-twenty-ack-wisconsin
File name:SAUCILYFLEKS.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 06:50:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 24417b76997b2633b8a5e02d24032f51 (2 x GuLoader)
ssdeep 768:utvkP7uGG50cMvV0vbmNcq0pw6+wD0NphjEJsy8g/urj:utsYQ0Tm5lZ+0/9PGurj
Threatray 1'389 similar samples on MalwareBazaar
TLSH 1F53293BAED4D432C9A143B10B6527D54C7BFC3005AA8A1B6D87676DBB329C98C6D307
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: Tongfei Wang <wang@yuntong-batt.co>
Subject: RE: RE: ORDER PP1071/PH52
Attachment: SAUCILYFLEKS.rar (contains "SAUCILYFLEKS.exe")

GuLoader payload URL:
http://111.90.148.217/maxy_aQlmvzVntP141.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7467/
Gathering data
Threat name:
Win32.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 01:22:15 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nt5govhsymwtqvuxf3hnvapfpqfcoteaigkifnx6heijm23hueka._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
01f8e3741798998e9bd0a8870adba209817eaa9df6a14ab67875e8292a30c028
GuLoader
163b0dbdbeb27d581695908c409f25a926613547da8cc08e844e2a93307bd9aa
GuLoader
53b08ccf3f21eb6c4c2556fd290210d57d8bcdfc92735573ee20839b81a2a98d
GuLoader
7c8b54cacdd83b95eeabcc825a195e5b46925fc0c91af6bdd9a9c5ff9005e29c
GuLoader
7d53275640b52b08bb54259f6bc85edad2dfe30b6b5f9cea9ddc8d7469d97cd8
GuLoader
895e7e85e398a6bd3615a8453c1ed21979a2676fa84af0e53077635f812b64fc
GuLoader
a40a5e625d55583bfeb7d9ef900686a29dc3c6f580ca1615af7a2ad29f02761a
GuLoader
aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7
GuLoader
cb108b44f7c1ce27111e05df5b00d405abd180fc46d280b78e9a137fd9858dbe
GuLoader
f3418e9ec01f4116a2ae079c709ee3c20455d66861951751474dbeb49ab75c26
GuLoader
+ 1'379 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-1nqvp4bqsj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 4459a44d0f97caba6ae625131c7aaa48c113cd4fa9103f5e44b3ace5af71174d

GuLoader

Executable exe 6cfa6754f2c32d3856972eceda81e57c0a274c80419482b6fe3910966b67a114

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385256/
  
Dropped by
MD5 a37751c5502d9fc3f8fa30215c788d6d
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7467/
  
Dropped by
SHA256 4459a44d0f97caba6ae625131c7aaa48c113cd4fa9103f5e44b3ace5af71174d

Comments