MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be4614de71b42f1015076a3c708c09f911091333bdca1792450eccddc5ab1484. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: be4614de71b42f1015076a3c708c09f911091333bdca1792450eccddc5ab1484
SHA3-384 hash: 0a0cba55d0201dd47e6828c1ae6db77c6c648dafca42334a78fbba0c3af7b5dc378372a9384860b98632202a6bf2b4c7
SHA1 hash: 350ee610545a285b6279cf7aef00897a92a6d170
MD5 hash: 56ffb08a4da8f911243e6147024d52e2
humanhash: six-fix-skylark-one
File name:RE# NEW PO# 4533242.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 12:57:57 UTC
Last seen:2020-05-27 14:13:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ff1c6c17d84c64223f8d36e4d54c1c4e (1 x GuLoader)
ssdeep 768:hYrtvy/2/t5c5/PrioanyxEBUcdlWZBkKBFe3rm6PmInzvcvfCALA+:2rVt5a/PVaGGJWZzFe3rtmczv4n
Threatray 5'116 similar samples on MalwareBazaar
TLSH 03B30793B4D48C76FC3DAAF0C931B5B51D21BC607D408F17BD49FA9C267A189AA6034B
Reporter abuse_ch
Tags:exe GuLoader Outlook


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: APC01-HK2-obe.outbound.protection.outlook.com
Sending IP: 40.92.255.93
From: Ruwan PATTERN <pattern58@hotmail.com>
Subject: RE# NEW PO FOR may
Attachment: RE NEW PO 4533242.rar (contains "RE# NEW PO# 4533242.exe")

GuLoader payload URL:
http://ratamodu.ga/~zadmin/iclient/sean_SgXXorh87.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5703/
Detection(s):
SecuriteInfo.com.Variant.Graftor.756195.22379.27044.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 13:36:11 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
19 of 31 (61.29%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
25cafcbe57ac5344ade543948fbba1f8a5b99d424af61a7d4e9d806e7c66f79d
GuLoader
4c841c5e0c2382fae670d7f41f7a75f8d8b2c1a03ff7d7c31eff98c1d9912308
GuLoader
50644eb4c3d4ce7aa1074c0096b43b2c4e7aaff4ce9e9a650c62ae934f85c081
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
b596016d60a01e5fb98389d4d8fb68acf6bd7ffd43726c39532da508073a9a3c
GuLoader
c6aeb4ac138f69e967b712ddf91b7d5b2339e3a97d4fce6f7d48379745e2cb2e
GuLoader
d11cef47f0e97409844b3bc448cfabcfd7f97a4289012ba50e4b7175f5f4c870
GuLoader
d9ea7ed19010ef0c36ebd05d5abfd5624e21a33ad5e18ca36007671d86eba8b3
GuLoader
e1ef53521aed004fe790b232883a12cb5f241ead4c81718b08ac0150323563d4
GuLoader
+ 5'106 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-wgkjr8l65n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 88caa886b13c0edbf8f0a2ab014184974674d41d8834421863891a666e83432b

GuLoader

Executable exe be4614de71b42f1015076a3c708c09f911091333bdca1792450eccddc5ab1484

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365502/
  
Dropped by
MD5 45c6238b82258ca4260d7d5107537dc5
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 88caa886b13c0edbf8f0a2ab014184974674d41d8834421863891a666e83432b
Cape
Cape
https://www.capesandbox.com/analysis/5703/

Comments