MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a1bbd02f1dc5ae62f13a00f38067354bf8a754e72e3ebee49a8b6aaa7b7e41f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9a1bbd02f1dc5ae62f13a00f38067354bf8a754e72e3ebee49a8b6aaa7b7e41f
SHA3-384 hash: fbb2f949cfb1955c03b0b0ae95f195da7072a1656f9896603c78a4d536a42f20d880c79dbba24f71716b52b4d12d4bc8
SHA1 hash: 8b60984edac870fb15ee7ee2aeef981ec0df775f
MD5 hash: 1921af0786119e3dfb5492185f9f5670
humanhash: pip-mike-nevada-black
File name:WT20200602.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-02 11:21:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 60858209b45cd2563fa09806a5f002c7 (4 x GuLoader)
ssdeep 1536:z4FO8lL6E8/pyeRyBB3lKLzwKQwvLDZ/bTmnyVK:3zpU3l8zwPMJM
Threatray 5'282 similar samples on MalwareBazaar
TLSH C89308036AD44901F1B24A702EBB82596F25FC195D82DA4F755D1E4B7B30BA29CAC33F
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm45.hanmail.net
Sending IP: 203.133.180.233
From: 비 엘 두 주 식 회 사 <gisuk3391@hanmail.net>
Subject: 견적용입니다 긴급으로 견적만 주세요
Attachment: 2020 06 02.cab (contains "WT20200602.exe")

GuLoader payload URL:
http://ekenefb34logs.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/wj1_tIaUf126.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6110/
Detection(s):
Win.Dropper.Nanocore-7995242-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 10:00:28 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tin32axr3rnomlytuahtqbttks7yu5koolr6x3sjvc3kvj5x4qpq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
netwirerc
Create hunting rule
Similar samples:
06cedd3e446db41cd53877ce7b7c24c31bc034260d7de377c01bb06e1ea9add0
GuLoader
2a093b2213d7d589020d69e76fdfd33b441ed125664cb3247d25e9103744011c
GuLoader
30bbf2043054b92e495bbd55f67e43b8eafce430bf31d8aaa4899385e503cdbe
GuLoader
5e5d88343393a5a1f98a66c8e5967023e200dcf3be81bc0a3c210396156d0fea
GuLoader
8df5858f489a1dd9f113eda4dbe0aded3fd5a128dd32e991e94c5a2b7623ba64
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
9e4dcaf1e587af9702c21677d6447f90eff8437573e8400a8668db31d7bc7c3e
GuLoader
c7544c2d4180660fc3a96f3b66b5caa0e168dcfbb35a870f1c576a152ed62348
GuLoader
cfc1cfcb5119cb196b34e5905578d55e2afd871f2b93f820637e6386168892c5
GuLoader
f69e7749b6798b4c4f258eebbedc77992536cc24bef9d1bf3d68315ad16abcf0
GuLoader
+ 5'272 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-apg4tdfc4e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

cab 35663c6c218458c23a7b4578019f173961895e1241dc9d4e14253b5516b31d96

GuLoader

Executable exe 9a1bbd02f1dc5ae62f13a00f38067354bf8a754e72e3ebee49a8b6aaa7b7e41f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374156/
  
Dropped by
MD5 1a0ca102a6389c0555d879186f660ae0
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 35663c6c218458c23a7b4578019f173961895e1241dc9d4e14253b5516b31d96
Cape
Cape
https://www.capesandbox.com/analysis/6110/

Comments