MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c62acb5894988284f4effb5bd8ece3701c9fe7854d865bb75f2eb447556d9c8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c62acb5894988284f4effb5bd8ece3701c9fe7854d865bb75f2eb447556d9c8f
SHA3-384 hash: a256b5dbdb958303da1c1d5467101b86b08ea4b9ac5c7c32e5359a126b8fd683fabd770b2a9bf10886e99fd0996904f0
SHA1 hash: 8372fcd72716ba5e2d5f354e73359e0104c348f0
MD5 hash: 49f8df45432c65920dbad1a33f1eb4b9
humanhash: lake-burger-single-oven
File name:Scan Docs_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:184'320 bytes
First seen:2020-05-28 13:14:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e21c8eebe33beaec2143109735de5f0e (1 x GuLoader)
ssdeep 1536:3Cd/0T1t4TwSs9NGIGFiaftmTI3BqCjQaIcW6q8gXL:K/0B209NGIGFPaIRqCyl3L
Threatray 655 similar samples on MalwareBazaar
TLSH 5B044B26F348ECB5D66549B0D8E2C4F40431AC34C8178A6776D07F2E3A7E18D9D6AB72
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: hosting.comfrel.org
Sending IP: 162.241.208.147
From: ROKONMA (S) PTE <azlina@rokonma.com.my>
Subject: Please send me price list.
Attachment: Scan Docs_pdf.gz (contains "Scan Docs_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1TGM04C2zh0icvRKXEOoymZI40WFDTdhd

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5852/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMEF.3736.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 11:27:34 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
19 of 48 (39.58%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0005e5022cd608e05426c717720cab930b17de32f9afde7af7db5bff68db21ea
GuLoader
0e7ec69a6222b2753c0167997838b380acfd47834a6d1e7dd2475fd4fe07d63c
GuLoader
4e16c663be416ebc214f67367811ccbfec46102cc9ecac856b91f58ff775885d
GuLoader
60201a00a9f96b8efea761e31e3483a7a5bfd04ad66f766b3dd7b24e00664069
GuLoader
63b3643da0804ac1ddc37ae59c80175a0c22d17ee37e7a0c5cfd3a4d20b7c926
GuLoader
6f47b4825836d58654b05deac55c892825a83e479c406b9b027a0dc6bd8e3938
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
987dc74919f44878a84a0f55e4edb62da489c9423dc048bab596f16dfac56942
GuLoader
b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59
GuLoader
d9ea7ed19010ef0c36ebd05d5abfd5624e21a33ad5e18ca36007671d86eba8b3
GuLoader
+ 645 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-5eklpew3de/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 339e6454c099c3527111098d1c960788bcb27ba5c793623b2fc0bd761fd2c082

GuLoader

Executable exe c62acb5894988284f4effb5bd8ece3701c9fe7854d865bb75f2eb447556d9c8f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370984/
  
Dropped by
MD5 edab333ca632b9fb0d63b06615ef37a0
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 339e6454c099c3527111098d1c960788bcb27ba5c793623b2fc0bd761fd2c082
Cape
Cape
https://www.capesandbox.com/analysis/5852/

Comments