MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a9266bf550d2639f64352c62d4a4f59ac24cadabb6bb459c448935feb2303816. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: a9266bf550d2639f64352c62d4a4f59ac24cadabb6bb459c448935feb2303816
SHA3-384 hash: 614bdba93880baa6a0bf30389c29d3b16282ca0b6bfe1b2fa3a8d1ac3a90aa485279ff9c5c5bb0439c1be7ff9a0c070e
SHA1 hash: ee7b690528326d96c814b3a9fdb09553824c8e65
MD5 hash: 1de4fec15df1ef708104676df94336da
humanhash: kansas-ack-helium-oxygen
File name: P527.exe
Signature: GuLoader
File size: 180'224 bytes
First seen: 2020-05-27 13:00:22 UTC
Last seen: 2020-05-27 14:13:27 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: cbaf99f5047f852f388f40518a2a285d (1 x GuLoader)
ssdeep: 3072:PiN63Ytxevbv+TBWngfXS7XWAkPT1rFV66AV:PiNyYZf
Threatray: 164 similar samples on MalwareBazaar
TLSH: 4704A41735F18DDED41E8BF328F39A949E2AAD74560C1A5770397E88E8324E911D03FA
Reporter: abuse_ch
Tags: exe GuLoader SCB


abuse_ch
Malspam distributing GuLoader:

HELO: seed.net.tw
Sending IP: 139.175.54.8
From: Affan Kazi <affan.kazi@standardchatered.com>
Subject: Payment Notice
Attachment: P527.exe

GuLoader payload URL:
http://class.britishonline.co/rss/bin/bin_sEUwdp54.bin

Intelligence


File Origin
# of uploads: 2
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-05-26 22:02:40 UTC
File Type: PE (Exe)
Extracted files: 2
AV detection: 21 of 30 (70.00%)
Threat level: 2/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe a9266bf550d2639f64352c62d4a4f59ac24cadabb6bb459c448935feb2303816

(this sample)

Delivery method: Distributed via e-mail attachment
