MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ee45fdfe890e0199f1c72f05fd27218c358ddce153f85d4e683d3ba72dbc2d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6ee45fdfe890e0199f1c72f05fd27218c358ddce153f85d4e683d3ba72dbc2d8
SHA3-384 hash: aadbdb5f0b7e765f823dff3c96d9e0de65920e5e6f1c88508d78e1615623dec39683c6a0d908efdbd48d25d984a0986d
SHA1 hash: f03776f012474f778b23830ac8d076a09bf7fb38
MD5 hash: 08146f38e5e4c5e24cd966ffb86db7b5
humanhash: minnesota-undress-whiskey-salami
File name:rechnung1.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-23 15:16:33 UTC
Last seen:2020-05-23 15:46:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a2f4fe572b89748ddf5bc8683f439988 (1 x GuLoader)
ssdeep 768:Xq38w5qgkss1pcPnVk/3hZ2n009Tv3YhR828Viol2To2MYHmSP2:VUOcvVk/3v2xtYyVRl2ToDYHg
Threatray 371 similar samples on MalwareBazaar
TLSH F9B30723F9E58CF5CE788FF24821D9B81EA6BC2168514F177B04BB4F15B36CA69A1205
Reporter abuse_ch
Tags:DEU exe geo GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: dd37126.kasserver.com
Sending IP: 85.13.153.207
From: info@schloss-willebadessen.de
Subject: AW: AW: Zahlungsbeleg und Auftragsbestätigung 23-05-20 Rechnung_20-613129926-001
Attachment: Rechnung..zip (contains "rechnung1.exe")

GuLoader payload URL.
http://156.96.118.179/RSol.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaF.34122.hm0@a4UdGDpb.27553.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-23 15:35:37 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
14 of 48 (29.17%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
azorult
Create hunting rule
guloader
Create hunting rule
Similar samples:
05a1356768e4475daeebaae76e486705d2d920e7e4d511c1436ea3f9a650c1df
GuLoader
2c80f61e5c61bb87be9e2d60e69093bcb5082fc690fcd751be787dbd118d5e57
GuLoader
4bed372d49cbb980146b1900cf0e641d7e5e9a72a25afbeea28ff996cb93da5a
GuLoader
68f66dd88b1a69a8ff2e63cca5e4554e1b147ccd2474d356b60a749c21412fd4
GuLoader
6b4c217c0bdb4660db2d83a8deb9e538e801e8c275e5e1fe955497970daf24c0
GuLoader
7294bdc3333d08ac9c2397b3555c0126928c13600b23de09f21841cfee83f55a
GuLoader
85a40f3f59fb797494adf184b0dbee2b3d8089e9686b9f484c5242c5a75085a9
GuLoader
9ffc0cc7f5b6bfb1e02d404b6d850e2fd72a778a1a2582fc061723f084cc73c2
GuLoader
b8565239fc984ae11a613ad6a80eebcf3e006125c8e6240583a0365669c32397
GuLoader
cdfe3c9dc4aa1e9378e37badc6993e814acb1ddccc2920dc7fc4fa226d4058e2
GuLoader
+ 361 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-sf1sp35aaj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip c2769aa2054cdad5c476b718e569c6445d9013e82a86b73c339c928cbef9d905

GuLoader

Executable exe 6ee45fdfe890e0199f1c72f05fd27218c358ddce153f85d4e683d3ba72dbc2d8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366085/
  
Dropped by
MD5 c8b0f5372d0cc36795694a46588bc48a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c2769aa2054cdad5c476b718e569c6445d9013e82a86b73c339c928cbef9d905

Comments