MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6f2ddb3eb2696dc88121f6cad6fce9c0b023d4aa1f8a31e912c7577b2e08e32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d6f2ddb3eb2696dc88121f6cad6fce9c0b023d4aa1f8a31e912c7577b2e08e32
SHA3-384 hash: 9e452c0578a67c772eab47c768bd9940bffaf066e75219b875a11f99a2d8fea6b1b5115d22440e206146fd7698d6fd6c
SHA1 hash: 56c9e77edbc6e0c59fca9ab1bec6a3b6b53515b9
MD5 hash: 1948787e848758aad4f5712626724c50
humanhash: sodium-lima-nevada-fruit
File name:Shipping advice.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-22 09:55:07 UTC
Last seen:2020-05-22 10:52:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 60a96472cca422bab9aaa742e0402861 (1 x GuLoader)
ssdeep 768:fSE/ccRzIR13ON2RaaK2agDbRwm4jp5DSXLZTJAF2UpttAah:KEbIr3O/z+b2m0pFSBUtA4
Threatray 5'120 similar samples on MalwareBazaar
TLSH 90933C11B850DC66D9684EF76E39CED215AB7CB01E144B1B38C83B7C7A33942A92176F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: smtp1.hiworks.co.kr
Sending IP: 121.254.168.204
From: Seon Won <triangle@cnilogis.com>
Subject: Fw: Shipping advice
Attachment: Shipping advice.zip (contains "Shipping advice.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Zkp6lYWfhKKaXXb76nvfWKLHBqPmer7C

Intelligence

File Origin
# of uploads :
2
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.44564.15213.1861.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 10:40:55 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2302aa79bb34eb683a91324995a9fb366bbbe55dffb53deee00b842e75ad19c0
GuLoader
29247c960e16e376148704241453b7a008a62c050e9d11b2bba111452acb7fa3
GuLoader
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
GuLoader
4359188e33f22ea7022cb6e57a3870f2613a1c37dbc483475e02b38cde5bfa8e
GuLoader
753c4a5c9bceed532539009df6ac3e0aa3c131297a082a2ee8ce6e94b05ced35
GuLoader
83968322ee41293c915a37779c384b39d1a0429303ed831291da984e7ff6877f
GuLoader
9daa8e87928b88143b9482b989764524754c86d142027ccaad1fc452f52c1765
GuLoader
9e4dcaf1e587af9702c21677d6447f90eff8437573e8400a8668db31d7bc7c3e
GuLoader
9fba6ffeb90dd242748718d8272a4942496e76a4f68bdb4dd42f93b044b5ed50
GuLoader
c7544c2d4180660fc3a96f3b66b5caa0e168dcfbb35a870f1c576a152ed62348
GuLoader
+ 5'110 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-9ck4tssmas/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip ce8cca2a7fa7de5865ad68b344af63fcd7579bd57115cba481b3276a1c8f35e2

GuLoader

Executable exe d6f2ddb3eb2696dc88121f6cad6fce9c0b023d4aa1f8a31e912c7577b2e08e32

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366491/
  
Dropped by
MD5 07777e1e75edef92f55943add1ef7343
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ce8cca2a7fa7de5865ad68b344af63fcd7579bd57115cba481b3276a1c8f35e2

Comments