MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70b9253ccf607853e5722d22bfdfcb22ba55ee3cf921d9368c8115ef91cfb941. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 70b9253ccf607853e5722d22bfdfcb22ba55ee3cf921d9368c8115ef91cfb941
SHA3-384 hash: f70b124a3a3bb2bf39068581c2af58d7fb30b2c1d9b12c68a1938e0c44b5495fbc199f1427d58216faf66c9e483d862b
SHA1 hash: ac24733f63e0227164727d1d5f058f2b9b19aca4
MD5 hash: 95b50f5ae0f5d8012b2550e892d5724d
humanhash: glucose-bakerloo-artist-fruit
File name:20200424_PO1757611j.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-13 10:08:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 317a4881c2a889b88d6a772c0fd9da73 (1 x GuLoader)
ssdeep 768:1AwIH3vMizF0RLwfcw95bNCsBXGXfwFCgpU32Dl76W9Tbp9NkobZ/hG:KH/MzRLQcw9pNfBWIylJ
Threatray 5'115 similar samples on MalwareBazaar
TLSH 05932903F594A622D2518FB1D7398BEC135BBC202A014D873AD47B5D1B37A46E6233FA
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail-smail-vm42.hanmail.net
Sending IP: 203.133.180.230
From: kjcheon <misocheon@hanmail.net>
Subject: 견적 요청의 건
Attachment: 20200513_PO1757611.img (contains "20200424_PO1757611j.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.45965.23171.32167.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 00:06:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oc4skpgpmb4fhzlsfurl7x6lek5fl3r47eq5snumqek67eopxfaq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
157ef05047452109ec1552af00806f1469254bc14a5cc942e41180ee82d508a7
GuLoader
2090ef501bf30eff58e65ff4491b5a913e5e105ff952b6d26b3e5ccf9e251cc9
GuLoader
3a0804b5ee36b66aa44341d7f9397cb93291fd788517e632b2b6a00678a5ebe3
GuLoader
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
GuLoader
9daa8e87928b88143b9482b989764524754c86d142027ccaad1fc452f52c1765
GuLoader
a88caf11b01cea311aca13b6e757a8974d5033e1acb8749b9d1951ed0d93d44c
GuLoader
bfa0531240e8ae03aee76df45f9e4c8748ad739a63f47c81269d7b2ca05fc329
GuLoader
eada1679af7a95d25610ffc78ad2d33978f71ca837ff809ff5331a9b1f77541b
GuLoader
ebb1d3f1ac0d238e6eb3ae96d4ebc49fb5a38c8669e74e65145c858339211dc7
GuLoader
ed124dc85fd2b5c4697bd0f7c90c134c539925bcb63d10f6cd0f99522c73fbda
GuLoader
+ 5'105 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-vsbjwebta6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 84d8e990b32a2794fce09b94c4cd6ee7fb5fad8f3d07ee6c0ccc21184288b7bc

GuLoader

Executable exe 70b9253ccf607853e5722d22bfdfcb22ba55ee3cf921d9368c8115ef91cfb941

(this sample)

  
Dropped by
MD5 3f5bb64c2c0325c09803b70378f6d3bb
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 84d8e990b32a2794fce09b94c4cd6ee7fb5fad8f3d07ee6c0ccc21184288b7bc

Comments