MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ba9dbccef86d6630e4db6c7538eb4043232c7f234c1377eacdaa6543d2b8af3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9ba9dbccef86d6630e4db6c7538eb4043232c7f234c1377eacdaa6543d2b8af3
SHA3-384 hash: f692d9e65a9329f7985fe1c90d7b321a51dd4798dc4e86321669d739c88066a5433c31e870d533810b8500e0c55a88fe
SHA1 hash: f0cf76c93e8b14d1ef3373b3301a1b2896f71852
MD5 hash: 6b8b96ee955ec2a554dd95976974f4b6
humanhash: wolfram-hotel-michigan-venus
File name:Oligomyodaeu.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-02 11:16:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6c65ff56f1a430a811731b52693916d9 (1 x GuLoader)
ssdeep 768:iqphc7416N8lBR2zFECdleeB5BfAZJ+8v0BJXAH6vnJeA:jpFO8lLidleO5B9m0BJXc2
Threatray 5'117 similar samples on MalwareBazaar
TLSH 81734B27AD088A11D5B042715C6BC76E2F05BC1C4A861F8FB55E7E27FB723A26C4E21D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: sungwon7.co
Sending IP: 111.90.158.36
From: Lauren <lauren@sungwon7.co>
Subject: FA 2374 LDS TEMPO JACKET.
Attachment: Oligomyodaeu.rar (contains "Oligomyodaeu.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1XIoGRak8bHaUYIzpo8DkcruJ_Mlrs_Lj

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6080/
Gathering data
Threat name:
Win32.Trojan.Symmi
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 11:37:35 UTC
AV detection:
22 of 47 (46.81%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tou5xthpq3lggdsnw3dvhdvuaqzdfr7sgtato7vm3ktfipjlrlzq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
3259355435f9e6a9b041b93c2faa1ad8a3867de478a436606702593e4e130dd0
GuLoader
411942da0d420d40bda588e6b372013c496be35fd3c586232bee2c2d7706ba2a
GuLoader
792b531e6877d9cf92e64424e683f70666b07a4e8071e6988a1750b822bee1a7
GuLoader
a7cfc6a8e508a244063a4190921f1c91e30712838282fb20b8bcdb24b138bb9e
GuLoader
ce860f3976ba5df3c4465a4b60d12980677dccc961a9fa91555c7b9de14c3dd8
GuLoader
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
GuLoader
cfce53d1db27bf03c7c8afe4a7841c5c18237ddddbc4e5af8595e1835ab7f5cc
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
d51d90494967e7f04fb03f0f0919afce4597860e34fa80bb116c8683dce0126c
GuLoader
fc4b84d2226bcb153d0f93007ccfe4277efad09572f0ea2396a7700e93cfebcf
GuLoader
+ 5'107 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-22xe1b9enn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 1129a87ea9f5b6ec25a6221f057a96343b5ef29b7f58b907eea64b9c37659efa

GuLoader

Executable exe 9ba9dbccef86d6630e4db6c7538eb4043232c7f234c1377eacdaa6543d2b8af3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374269/
  
Dropped by
MD5 1e52446d1dbeb4fbccfeb91ee178cde3
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6080/
  
Dropped by
SHA256 1129a87ea9f5b6ec25a6221f057a96343b5ef29b7f58b907eea64b9c37659efa

Comments