MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c6aeb4ac138f69e967b712ddf91b7d5b2339e3a97d4fce6f7d48379745e2cb2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c6aeb4ac138f69e967b712ddf91b7d5b2339e3a97d4fce6f7d48379745e2cb2e
SHA3-384 hash: 46674549391d6695da1d890855db357a1776788c8676b10bbc7a7e6cfcf909680ebe99b70b182e759058c36e1e3fda11
SHA1 hash: a4ec056887aa360a9bf85d3764b76ba222e0efd8
MD5 hash: 99fa81b4db948649dddb3cf2d63c0300
humanhash: juliet-tennessee-seventeen-sweet
File name:New P.O #127845.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-25 13:17:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 89cd50791f02ede0e8f70e3f0c4f9964 (1 x GuLoader)
ssdeep 768:MITlnYqW4+Vubn74mG/Nh89H5dgLM4S2Pp7yXm2C:vlnYqW4+Vu3489H5dgLMh2BeC
Threatray 5'111 similar samples on MalwareBazaar
TLSH A8B3E613B5DCBCC2EF154EB31AE26DB81D2ABC654C605E0B341EBB4E25361946FB0716
Reporter abuse_ch
Tags:exe GuLoader Outlook


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: NAM11-CO1-obe.outbound.protection.outlook.com
Sending IP: 40.92.18.62
From: miriam de gomez <miriamsita_gv@hotmail.com>
Subject: Re Re: New PO
Attachment: New P.O 127845.rar (contains "New P.O #127845.exe")

GuLoader payload URL:
http://ratamodu.ga/~zadmin/iclient/sean_SgXXorh87.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5548/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMCN.29498.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 13:37:04 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 48 (47.92%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
25cafcbe57ac5344ade543948fbba1f8a5b99d424af61a7d4e9d806e7c66f79d
GuLoader
4c841c5e0c2382fae670d7f41f7a75f8d8b2c1a03ff7d7c31eff98c1d9912308
GuLoader
50644eb4c3d4ce7aa1074c0096b43b2c4e7aaff4ce9e9a650c62ae934f85c081
GuLoader
97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
b596016d60a01e5fb98389d4d8fb68acf6bd7ffd43726c39532da508073a9a3c
GuLoader
be4614de71b42f1015076a3c708c09f911091333bdca1792450eccddc5ab1484
GuLoader
d11cef47f0e97409844b3bc448cfabcfd7f97a4289012ba50e4b7175f5f4c870
GuLoader
e1ef53521aed004fe790b232883a12cb5f241ead4c81718b08ac0150323563d4
GuLoader
+ 5'101 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-dmge5djyra/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar b29c6124a2bc583de944cd688f5326deb4143b97f721e3748cace62905893769

GuLoader

Executable exe c6aeb4ac138f69e967b712ddf91b7d5b2339e3a97d4fce6f7d48379745e2cb2e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365502/
  
Dropped by
MD5 91fae465ac6b6f215e4fb3e7b8571125
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b29c6124a2bc583de944cd688f5326deb4143b97f721e3748cace62905893769
Cape
Cape
https://www.capesandbox.com/analysis/5548/

Comments