MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be3b97c7e3cfc20c1d1bfae70e75d3c2c4b376aa0750310baaa9b1e5011bf6d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: be3b97c7e3cfc20c1d1bfae70e75d3c2c4b376aa0750310baaa9b1e5011bf6d9
SHA3-384 hash: 2bec7ee0618bbc1230f6dc585d3c1478b3c34947fbb5955d3eee138b27491914db7dbe4a85c51b33444e3af6e5a22835
SHA1 hash: 2eef4c2bb48c8cd1b24d89eab3aff5f92331cb95
MD5 hash: b30bfc1d47810e78c4f6022211c6bc7c
humanhash: earth-kilo-single-illinois
File name:Mt Woo Lim.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:50:02 UTC
Last seen:2020-05-21 09:51:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3f538c98dde850bd600947b5672ca987 (1 x GuLoader)
ssdeep 768:buF3xw0iY1FS4X3rDov+N/n/PRnayTjfYmjXkrvEBd9mAzlFF:4CjMwWrDo6/P5aCjAxEB7m4
Threatray 144 similar samples on MalwareBazaar
TLSH E0A3F82CF190ADF5D7294BFE1F704A58126FAC710A91C90370CA3B5D26F6989A8A4377
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: "Woolim Shipping Co., Ltd./SEOUL" <htkim@woolimshipping.co.kr>
Subject: [AGENT NOMINATION] CSS 8,000MT & SM 1,700MT
Attachment: Mt Woo Lim.zip (contains "Mt Woo Lim.exe")

GuLoader payload URL:
https://ny.yummyeliquid.info/mana.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.13146.32731.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 13:52:16 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xy5zpr7dz7bayhi37ltq45otylclg5vka5idcc5kvgy6kai363mq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
26ff3fcf593ee61fa2e32d508d468fd8aad5b10644cf87d4d3ef095f223faec5
GuLoader
275537d87441c354b859273e0729177d78f185bebdd9a86fac240a3f168a80a3
GuLoader
2eb11af6d3282bc293586d723b4f411157975c6a7464bc7fecb0f11a2c8951bd
GuLoader
5014b473901c1517c80fa4229172b855af67b2f20f2e7e61bee8d21a9bb94478
GuLoader
67e4afe6e9701d2970eb3b62da0676750ba3e861801414f2036f3ec039b2e56b
GuLoader
6c47beb6dad9fa342b607b9868de8560ede70fc5cf2819c0269c5d6fd6c961bf
GuLoader
98c39c41a62349078a4b09ae665ed9945dd207b7c02b38fa58a639089721bc5e
GuLoader
99a25991c82e15ee5b4db6c8aaa9b11193b2c293e1e4951e4e4cdd8a4c853670
GuLoader
b0240d2ab275a142c3ba13632ebb00fd6cba189613ca85e4d800eb640ef0cd9f
GuLoader
ff9861dd2b7ce7f396ecbcbbdbff007827a32740243b1b3a848c2566ab32fa59
GuLoader
+ 134 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-3vh8xl9c1n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 5484272a6f7844da99fb62ef3c13eb493dbf336a572bbcbc2dcdba44aa45a760

GuLoader

Executable exe be3b97c7e3cfc20c1d1bfae70e75d3c2c4b376aa0750310baaa9b1e5011bf6d9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365795/
  
Dropped by
MD5 a63a71665ddba42cb50e52e1f6e474d3
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 5484272a6f7844da99fb62ef3c13eb493dbf336a572bbcbc2dcdba44aa45a760

Comments