MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e943534d22e73e0d062b7917c007b744ce19014e0a0c90dfd37219281bcf204b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e943534d22e73e0d062b7917c007b744ce19014e0a0c90dfd37219281bcf204b
SHA3-384 hash: a82490e767a7432692ca37b8d72081754a851152fdd60fa6d2216289755640d0a2372ea0ef5b1de03b528fec7a242fb9
SHA1 hash: b52d90365048cff0260cc0ea7911b1d3ed89c8dc
MD5 hash: 0053c151b79516aef5bec9ba7bf8434a
humanhash: fanta-lemon-speaker-dakota
File name:file.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-13 10:04:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7f5a0c5192ef1794f82fd88f8c8e40af (1 x GuLoader)
ssdeep 768:wQbYoSZaojQMXloNDbZAKdCHxFh3LIe4EksBTGFa0STy3toqLBe3AIZgmTOQh5hv:lqaQVVQCKwHxFF4IBaeABQj
Threatray 793 similar samples on MalwareBazaar
TLSH 52932C12F594CA72D36449759B28DFEC02DBEC70261199472ACA7EFD0B37B45722223A
Reporter abuse_ch
Tags:exe geo GuLoader THA


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mx1.chaiyohosting.com
Sending IP: 58.181.206.8
From: Sunisa Arunsiri <kyvc_engineering@hotmail.co.th>
Reply-To: bbkeIc@outlook.com
Subject: คำเชิญให้จัดหาสินค้า
Attachment: file.gz (contains "file.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.41030.7528.10546.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 05:07:05 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5fbvgtjc447a2brlpel4ab5xithbsakobigjbx6toimsqg6pebfq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
085723cd3bf42b5f4cba4d975389d6f088c22cc696f4f0771251a3a1afaedc53
GuLoader
14bd280177ece118d671795a8b372a0d7de0f3ad3b842ed35726d9b587cb1608
GuLoader
5d615e82f2b0a90f4d7b50e17fa070d6ce5684bde0a5de1d0661f2d166af964b
GuLoader
65bd5f3bc433f60bfc5ea392aaa33539592d657cbe2d316b25b24c9e12c225cc
GuLoader
8fc12c74c5af599fd99d302b2429d8c8a5d3a5d243d7941758fda223ee3cb7eb
GuLoader
b289e7a3e27dfee54ea6a2610a3cc690b96d7dafec31756401349935e3d83202
GuLoader
db740f36a91f4fa311184714bdb059022ba29a054975db509a5bb782eb542533
GuLoader
dd57430d1f109d9a87f2959eea95f3162418c176cb7ca9878a64a4a879a2820c
GuLoader
eaf38de6ac4347ac84bcbe648301fedfe021aeafbc3bf40404a4003117a8967a
GuLoader
f17d48c8d179de191e519fa908648b977c09f91803b898d8e4fada52e423a8df
GuLoader
+ 783 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-sc3mzewnn6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 1b144dba04aad21077a171e5343a23ef5e14a0399f94f14dbf4383096d65b284

GuLoader

Executable exe e943534d22e73e0d062b7917c007b744ce19014e0a0c90dfd37219281bcf204b

(this sample)

  
Dropped by
MD5 5a44cc7a3f8782def9cc5e42aec700d1
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1b144dba04aad21077a171e5343a23ef5e14a0399f94f14dbf4383096d65b284

Comments