MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93d64ba68ed0dc9c138a80d867806691f14c10c3a98522c7fbe1a442b3f50f1a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93d64ba68ed0dc9c138a80d867806691f14c10c3a98522c7fbe1a442b3f50f1a
SHA3-384 hash: 06a284539b3230beffae3d6602fdce6af6e3c834e534892e716c8162a61a4a1268f4dbd0e5445645eaa1c90773e37509
SHA1 hash: e26b7d54f1d2be73b0abc56d3e958dc74e67771b
MD5 hash: 221e9026dae3d6a77b03d3eb150507a6
humanhash: queen-speaker-oregon-pip
File name:June Order_xlsx.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:08:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 247454b53c7d2f46530ca169ab83270f (2 x GuLoader)
ssdeep 1536:QvSPfxV40pHrzoxSkgrKHxLdGKc+o0FDHdZ1gIGbGfTbEN3xk4REOb:VPX9rFKVdhjFD9zNE9RE
Threatray 5'104 similar samples on MalwareBazaar
TLSH 83B38C0BEC4D8643D51447BC2D178EF93A1EB90D0D005BDF717A5EABAE32A522CA711E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.dynamail.asia
Sending IP: 111.90.130.90
From: Global Green Power/ Janet <janet.z@global-green-power.com>
Subject: New PO For JUNE
Attachment: June Order_xlsx.rar (contains "June Order_xlsx.exe")

GuLoader payload URL:
https://djmixers.co/kali_eJAiaBB84.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6290/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 10:36:32 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=splexjuo2dojye4kqdmgpadgshyuyegdvgcsfr734gsefm7vb4na._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
GuLoader
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
GuLoader
3259355435f9e6a9b041b93c2faa1ad8a3867de478a436606702593e4e130dd0
GuLoader
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
GuLoader
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
bfa0531240e8ae03aee76df45f9e4c8748ad739a63f47c81269d7b2ca05fc329
GuLoader
cbd23ab3964e6425f0068a39d6f15dd86708c1bd091912e9229c1840e75ec70d
GuLoader
ebe7e1de6e345ed9445e0d8a11241d13cb92a7df15fc5f05a6c5d6bbf9d3244b
GuLoader
+ 5'094 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-47crvzypex/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar b103c59eef232ab44fbc782ce72b953d6eed831545dfbea5e049e189d2bed593

GuLoader

Executable exe 93d64ba68ed0dc9c138a80d867806691f14c10c3a98522c7fbe1a442b3f50f1a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376013/
  
Dropped by
MD5 1b443bd668af9b95eb8a215f28434518
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b103c59eef232ab44fbc782ce72b953d6eed831545dfbea5e049e189d2bed593
Cape
Cape
https://www.capesandbox.com/analysis/6290/

Comments