MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85efd0b4c3bb6232c4e075e99c46574b564785b0bdfa1b8bd91805922d91cef3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85efd0b4c3bb6232c4e075e99c46574b564785b0bdfa1b8bd91805922d91cef3
SHA3-384 hash: c66a328c6aeec216b9e6163fef6470e6bb4f4baa4012783a37e834188950f32c0693b826e4bfbcb1d244b1f73ae5151d
SHA1 hash: b3dce0ce5dffd2ab4fe826e42725876ee517d9e1
MD5 hash: 7725a1f2e59b447390de5772323d6e05
humanhash: chicken-low-whiskey-sweet
File name:Outstanding Invoice_9389373_05_2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-05-22 10:12:38 UTC
Last seen:2020-05-22 10:52:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f8e5bcb8769dc122f27402e0f65e7b4b (1 x GuLoader)
ssdeep 768:VjjvU7AR4E7DJPE4KFOhe+jxctlLQJODlCJ5h2NJWHNDeZHzn5jQ:dU7O4EnJc4kOhe+jxGQJRO5Q
Threatray 2'217 similar samples on MalwareBazaar
TLSH 8A934AB9B58AED67DE390BF10C32C2A80077BC3129115F1735CA3B2D2636A9D9939357
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.nwiran.com
Sending IP: 185.94.98.43
From: UTLX METAL WORKS Co. <info@kts-me.com>
Subject: Invoice Confiirmation prior to Payment
Attachment: Outstanding Invoice_9389373_05_2020.arj (contains "Outstanding Invoice_9389373_05_2020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=16pdtfZQsIuTKlvUWbPTFf7qt38rdyUVy

Intelligence

File Origin
# of uploads :
2
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Malrep
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 09:15:16 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
lokipasswordstealer(pws)
Create hunting rule
Similar samples:
13393c26e42a0d09bbd796f3f9b5109dc0d2e7ff7bd7f4aac0aa0c879c5c123c
GuLoader
2215802f5deb432f07a1aeebb7eeeffdf18cc5a035b0315ea693b08a4dbf942d
GuLoader
5f8025bc323e672da091a43d6d7ddf8cc6d9e880ddefde5955d0cbafd0092c83
GuLoader
69e3e7a0726435f1d48dc9d56db3a3759fb038b9c8b7506ce48e5efc5460d839
GuLoader
7a3acd412036e1f071595f9ee144d45ee7dcc0a6f4fb8c6ed45022ec423e6061
GuLoader
803e96c5dc273ebc317b62354c790742fbb9807ee577e52790f293ed8298dde9
GuLoader
893ef71a58da9c450161aa56fddb97cd0e9c377f94a55e1d71a42569ee085de3
GuLoader
b5f6c2a230e8c24dd4859e076e8802d5785c6af1056388a3bb660d091c1437ac
GuLoader
ecab33f5998dc995c200750f575b8571ae2a9d00b8264ed557be2d651230064e
GuLoader
fa4d6e0887210c5f967d3349942cd846130e5c3c227e56cb0782ec4bc0d9bea5
GuLoader
+ 2'207 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mql5jgwmpx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip a89513ea9aed78fccbb98daecf9b3d985c48158e0b9d42ca9861af303aaf2b92

GuLoader

Executable exe 85efd0b4c3bb6232c4e075e99c46574b564785b0bdfa1b8bd91805922d91cef3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366485/
  
Dropped by
MD5 2531ddb456225a073eaf546b28cec7c8
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a89513ea9aed78fccbb98daecf9b3d985c48158e0b9d42ca9861af303aaf2b92

Comments