MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9620e9e95846fd7b21206464f6e5493290e869a425887621835ecc2a0de82101. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9620e9e95846fd7b21206464f6e5493290e869a425887621835ecc2a0de82101
SHA3-384 hash: d3dad6728baf42e056b7fc607bef36e1a71ec0bd54d24e8f0450f0b94493a5f1301b08efc21eb11f8ca1f0bfcc315ba9
SHA1 hash: 9e4a42e803d85d178478897ff757ab8a8aa5921e
MD5 hash: aaf0f0e6deb5b6a3f8ebf8c98ffe08d5
humanhash: cup-jersey-freddie-zebra
File name:20200522_wj3.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-22 09:54:53 UTC
Last seen:2020-05-22 10:52:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4ba69cb43ef921d63e89dc182626b1a7 (2 x GuLoader)
ssdeep 768:VOC0wu7eg3eGbZJwaAfMrWjUOn0le9mlVCEY8pwG0CNClil729NG5ncvx:wjwiuwZSDJAe9VEY8p0CNj72H/p
Threatray 73 similar samples on MalwareBazaar
TLSH D9A30935F5E0EE42CA4D49F11E276B291817FCB519990AC3A2C77B1C39325C2AA7136F
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm37.hanmail.net
Sending IP: 203.133.180.225
From: 이용종 <ogd7528@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.)
Attachment: file.xls.img (contains "20200522_wj3.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Bj4Pk98k6226AN6WvT5V8g8bLwo9zUcc

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 10:37:02 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0f9f76e8ffa64b600745b99b8f7b51cfa151299424e6523995c6c0bcd7a5cd6b
GuLoader
5fc23e159d21753ca7140091700214b2c277d0f94e80280b58bbfda43930e7d2
GuLoader
6da928194ba7abbc975b4b7ce1415b1fc7787a459f137ce07498920fd740bf68
GuLoader
705359998910a71e56cde4f359ad4ae767d0182b45f46615ebcbaa969fe5c5c5
GuLoader
816a22640c198358df27b5953469f956ad1f0c88cdfc53a3c9e3b426516d0950
GuLoader
9bc42c118c6cc7a45c18fc844e0e132c28cfe4f90380f8a6e1305a798b3d15fb
GuLoader
a32c37dd601a6fcdd6e622b2c928c7ef7935a77a0df9a2dfb9c7774630dd266e
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
e180e8ae6521bb30a7baaeaf95c7583815922ef07c695c5a6fc7c123b6442d7b
GuLoader
fb929a20bfd4d36c126f3d26b95aadf256f2f85ef3b2564f9a79fd7cc92f7eb5
GuLoader
+ 63 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-61xfmg7dss/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img c9f2f2fc79dd24031077643b4715ea83c021f2ded837c68f426ce78b2dcf254c

GuLoader

Executable exe 9620e9e95846fd7b21206464f6e5493290e869a425887621835ecc2a0de82101

(this sample)

  
Dropped by
MD5 a29fa790932e18f2ddbec34a84abe15a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c9f2f2fc79dd24031077643b4715ea83c021f2ded837c68f426ce78b2dcf254c

Comments