MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 74be8ec7f1c7a53246ebfbf34940e271ce2f12fe3d1beb10c5b6d2f03606739b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 74be8ec7f1c7a53246ebfbf34940e271ce2f12fe3d1beb10c5b6d2f03606739b
SHA3-384 hash: e53f8b50bf8e80820091b4e843e1d6bf89699930d3ce0a839ae7ee9ce60626cc521514996b617aea824196a6258a438d
SHA1 hash: 4070c28fa69cf7fc7abd22e22a28fc548b681f6b
MD5 hash: f236dee45b4a983b49f2f8498da5e7be
humanhash: carpet-enemy-spaghetti-michigan
File name:Rev-PO-068789MT100_65657_Sample-Order-Specifications.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:20:23 UTC
Last seen:2020-05-28 08:22:33 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 64896438afa204a24b1dd5ff52987a95 (1 x GuLoader)
ssdeep 1536:brMfd7Q1ejIQqpjv0tWxVTLnBpSwIT0L+C/YykTUDbjpgOvVXlnNDYMPa5mgHB:0d7Q1oqpvvvTtLITbgDGOVLi
Threatray 181 similar samples on MalwareBazaar
TLSH DE143C22B7AAECA1E9C544B0D8D2D5F505617C24C806CE2B77C07F2E76770826D9E73A
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm80.hanmail.net
Sending IP: 211.231.106.155
From: 김광식 <kwang3308@hanmail.net>
Subject: RORZE: Request For Quotation-Sample-Order-Specifications
Attachment: Rev-PO-068789MT100_65657_Sample-Order-Specifications.img (contains "Rev-PO-068789MT100_65657_Sample-Order-Specifications.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1mllEh9vMrJcFFK_KrrrzrL8m7MexP2dR

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5806/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.50222.16084.27974.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 01:35:21 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219
GuLoader
14ae7654cdca531998549d66f162a7d82ddf752289c6f599f3d2e8b7d5b918b4
GuLoader
1b15ba9f050a7ff993454ced505009cf9af6cdee45d8acc037ff05bf96304b97
GuLoader
2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47
GuLoader
3371cb1ea5c1990f19e0141454e418ba8e30d70c140d5f4cd3e797aa80a9bb9c
GuLoader
8b04dcca28022f6065a0aab229d6fb466ae313dc5dda21b0a7222225d0facfd5
GuLoader
a183841ad3d2f5ce88d9361676673b77ea0610abac6c5206eba8f12dd8abb8b1
GuLoader
a937b882d7884c7b1c92377d8a708cb5e65377c1bc6d6aa923e7183c89da91dc
GuLoader
b9faefd420a9117fddd3bdc6c42bc5c5d07d0cec65fdc7acb2d715b752b44967
GuLoader
e6c57e2f4dfc204c1e9768a3c722cda303af4795c7272a0b94b308cfe8c9c97b
GuLoader
+ 171 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-eh4pch9rdn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img b59e686aeccb31bc246a4fc4d58d4ff8513902cae3205b0685c4def4b92aa988

GuLoader

Executable exe 74be8ec7f1c7a53246ebfbf34940e271ce2f12fe3d1beb10c5b6d2f03606739b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370278/
  
Dropped by
MD5 54ff06abeae820e0e33ed1cc824f5fab
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b59e686aeccb31bc246a4fc4d58d4ff8513902cae3205b0685c4def4b92aa988
Cape
Cape
https://www.capesandbox.com/analysis/5806/

Comments