MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e002a7458ce812cec1807f9bb53ea52949b105db60908693365e55cc04d2f6a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e002a7458ce812cec1807f9bb53ea52949b105db60908693365e55cc04d2f6a6
SHA3-384 hash: 176f82b5f98bc79365a6f4b6290ed4ef68c68be581f17f63056d7dbee686b83e0dcc27412dc2992911f0e1fc6a275253
SHA1 hash: e0d3873dba7e97a241289084a717d1a3563b7fba
MD5 hash: b612e5199220fd7a0c9af3a4d897f639
humanhash: red-ohio-seventeen-lemon
File name:ugudeligst.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:106'496 bytes
First seen:2020-05-21 10:25:56 UTC
Last seen:2020-05-21 11:15:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b6372e4f026d38b9422759b7dbc6aa51 (4 x GuLoader)
ssdeep 1536:9mWhH5PbAdXm2jCqc2P0Z+9nxQokcFxLi:gWN5PbAdCksI317i
Threatray 77 similar samples on MalwareBazaar
TLSH 24A33C31F79D9E11CE04CDF11DA54A6920ABBC7855228F4BE4C77B3C1933E82E97624A
Reporter abuse_ch
Tags:DEU exe geo GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: cloud415.mxserver.ro
Sending IP: 31.14.13.123
From: cardnational.bn@casbn.ro
Subject: AW: AW: Zahlungsbeleg und Auftragsbestätigung 21-05-20 Rechnung_20-613129926-001
Attachment: Rechnung.zip (contains "ugudeligst.exe")

GuLoader payload URL:
http://156.96.118.179/RSol.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.31267.9542.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 10:37:16 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4abkormm5ajm5qmap6n3kpvfffe3cbo3mciinezwlzk4ybgs62ta._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
007062a34e83708ffb082b43d65c65bb245a5dfb699bd7d455400c1ecf8ca9fb
GuLoader
1e997f4144eb94f184308c7ebe6dbad709cf7151721c563e43a92d52539d4e1d
GuLoader
270b7f2dfa665133fe2d57069e4654b4065d5d919e4b881ab28ec215273bf767
GuLoader
2c70b55a898ef83a75e8558047851e40d839b5a1c151b967797c3c4d2afd350c
GuLoader
4efb9c06d7fbfe766220885b9f1320589cf9ae96a900a935e2d1ef3cfa971a3d
GuLoader
62f73fb22702076bbd04accc897fb3fb2c3b203048eeef1fd943571f027d5cec
GuLoader
7a760430295f2983742510a35642ce550c0bf4f8f9632f027bbb11de037126b1
GuLoader
8ab8e638e67326a2635951855e466a9df0a3c699da6a51c7feedb143fbc8a6bc
GuLoader
a604cb5bd365ad6662b63b91c891d9af6c02a4fd89d29d6ad775d9401b31ac14
GuLoader
eedbb575580c9efc8e2a065c6713d388094d08b54d7d4e383ff7ee9446646241
GuLoader
+ 67 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-emhxnvzfmn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 82bb6f708056e9a9910dc48a118bfe57d8f259b76f92082254a6f9e7dc22e861

GuLoader

Executable exe e002a7458ce812cec1807f9bb53ea52949b105db60908693365e55cc04d2f6a6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366085/
  
Dropped by
MD5 40cb3b5a162f9bfa5c2e856155cb4a7a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 82bb6f708056e9a9910dc48a118bfe57d8f259b76f92082254a6f9e7dc22e861

Comments