MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb
SHA3-384 hash: 846c9871a40cdeb80c26ab7ac5b542cd14f4e028309bb475a0a730d7c527947d11eef25c836ef0798838f5eb743eb44c
SHA1 hash: 0138832da5dba5c4759760a3026f9da0af157b66
MD5 hash: 341d586e5c01e7bac68d1b41711bccab
humanhash: football-sweet-violet-floor
File name:Wire Confirmation_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-02 11:18:02 UTC
Last seen:2020-06-04 05:56:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ba3af5a58331da1d924015f8106fa5be (7 x GuLoader)
ssdeep 1536:94FO8lLGg4vFkiLBLQ8KLzwKkwNviiPPfqc+d9:dvF/Lq88zwD6Sn
Threatray 1'403 similar samples on MalwareBazaar
TLSH 0793F6477AE45501F5B24A712EBB82A96F26FC294D438A4F350D1D4B7B30762AC6C32F
Reporter abuse_ch
Tags:exe GuLoader UPS


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: m1.valueserver.jp
Sending IP: 157.7.184.31
From: Cindy Lopez<123@mayonakalab.com>
Reply-To: <Cindy.Lop@aaglobalimports.com>
Subject: RE: RE: RE:UPS Shipment 779945110T:**WIRE COFIRMATION
Attachment: Wire Confirmation.zip (contains "Wire Confirmation_pdf.exe")

GuLoader payload URL:
http://ratamodu.ga/~zadmin/group/gld_BJLCSDOEDs225.bin

Intelligence

File Origin
# of uploads :
3
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6088/
Gathering data
Threat name:
Win32.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 05:50:42 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2jtj6coltvcxuc5r5pd5wwomb5jxpdv7f66zb6clpq75lb5bbg5q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0e7ec69a6222b2753c0167997838b380acfd47834a6d1e7dd2475fd4fe07d63c
GuLoader
13393c26e42a0d09bbd796f3f9b5109dc0d2e7ff7bd7f4aac0aa0c879c5c123c
GuLoader
1ca43e5c33edbf126b18cd7603f5674dc45c9aa2d34efa41796a8f0f9a08b947
GuLoader
4e16c663be416ebc214f67367811ccbfec46102cc9ecac856b91f58ff775885d
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
9be235495bd4696901a7e0538b3d96f6996268c67c1b607cdc8e33a794a6a9da
GuLoader
9d772f078ebff5dd18830b266cf39eaea44289e765d6290e8589e684a22d0946
GuLoader
a4f594a78d5df595fe969cd0643707f5ca04aa10a7ef29f5617e3aa1e8db6d5f
GuLoader
ad8132d2a341bf731c105eed4dea2357f5ab516c085550294593a2e41f34ebc4
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
+ 1'393 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-d9ga8wj7ea/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 50be24ee32d044487eb5c91c71076299f92dc510209202a89745fb6f62fb853c

GuLoader

Executable exe d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/373165/
  
Dropped by
MD5 b90066ed887041c716766d2654c356fe
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6088/
  
Dropped by
SHA256 50be24ee32d044487eb5c91c71076299f92dc510209202a89745fb6f62fb853c

Comments