MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 823a4cc1becefc6e8d75c478a8f79fe78852c3ef68e4801ab6e198fa34084f70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 823a4cc1becefc6e8d75c478a8f79fe78852c3ef68e4801ab6e198fa34084f70
SHA3-384 hash: 51347fd0c8aa936794d27a41ddbacce9a903857b53db9d48a6df4c85dcff6ca83de1ff26003642914b2b5f94fa4a0a08
SHA1 hash: bd70dafc081ca3263a147f37abb1943720534f33
MD5 hash: 4f1b7207e662182a93ffa8decabe7f96
humanhash: sweet-india-timing-early
File name:WHT20200528.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:28:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3f8624464d861c6a76bb7306231693b6 (1 x GuLoader)
ssdeep 1536:sIhwa+wopYf8wJ02iCNry1+8pPlX/5toBqlz62uaLL8F4f0ufSoSt0mvrTwJ46wy:vhDoCJ02rNecoPlX/IGLGufSoSNHwgy
Threatray 258 similar samples on MalwareBazaar
TLSH EC144B26B676DC76DA5184B0F8D2C5F41421BC44E92B8E3B75C17F2EB1B6043AE36236
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm44.hanmail.net
Sending IP: 203.133.180.232
From: 비 엘 두 주 식 회 사 <tkfcyss@hanmail.net>
Subject: 견적용입니다 긴급으로 견적만 주세요
Attachment: 2020 28 05.img (contains "WHT20200528.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1y1RpoiTq5mCOe3Ruec8KmXZ82Dxm2S60

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5814/
Detection(s):
Win.Dropper.Noon-7585277-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 07:37:44 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1e27314c6b097bdd158c3438bc48704f681a20d723fc2185bf431e67f8b56e9f
GuLoader
1ea235444a0510aeabcc31b2092268c3d0d12d82130ad2cb4b9024246e54186b
GuLoader
2df7880f7255e5944ae288c0bf24817085bb1a8291257d061f09919746095286
GuLoader
2eea12d417bbdbd859dc38307e5dfa3e90720865c81bc8ff99af0916d65e1a03
GuLoader
437c65b9b088d283a4f8de7395eb28a90b69462c81de7d287ff0f55ea85da219
GuLoader
6c47beb6dad9fa342b607b9868de8560ede70fc5cf2819c0269c5d6fd6c961bf
GuLoader
742fa567f6c1b57e2d73442cd06817027e09ac33b4cbdbafef0cd462e9bf6343
GuLoader
9611507e92379601368f95c9f9fbc933ba13114fee020ea12d19e6a43486bf6c
GuLoader
a183841ad3d2f5ce88d9361676673b77ea0610abac6c5206eba8f12dd8abb8b1
GuLoader
dbe3adc3ffef68644b53d19190b59e28e31b6caedb7ba852ef2158e662921a37
GuLoader
+ 248 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hfatpzwj2a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 5dec0ddd700bac7f810212ff534de79b4d764e9391ee0e45c2857dddb50eeeaf

GuLoader

Executable exe 823a4cc1becefc6e8d75c478a8f79fe78852c3ef68e4801ab6e198fa34084f70

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370289/
  
Dropped by
MD5 8e746e10bae2a12966d61c1a02851ec7
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 5dec0ddd700bac7f810212ff534de79b4d764e9391ee0e45c2857dddb50eeeaf
Cape
Cape
https://www.capesandbox.com/analysis/5814/

Comments