MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e97244bc82d914b843dadf51702073bb1746d2e9d67f66e5c5aeef31f549a3c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e97244bc82d914b843dadf51702073bb1746d2e9d67f66e5c5aeef31f549a3c9
SHA3-384 hash: fd7a26a575f10eb73b7a7df3a1b81e974e66e0716535e2d1d3964ad70424513a7aface567925498c58bb47a43006e032
SHA1 hash: 40da15400fe0440073e68103c3638a383ad9444a
MD5 hash: 91f8eef34344f686d368cf63c09e951d
humanhash: mountain-mobile-equal-india
File name:WJ120200528.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:22:16 UTC
Last seen:2020-05-28 08:22:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 60088cca087df0eaa2d9b53a67753962 (1 x GuLoader)
ssdeep 1536:i5e/qYnHwZfCNY8cdRZFiBRiLTpHCeUn/V9FYteeEfM++cBeYjCO05TsxNNO:LiYnQs+dRZs+UbKte7+cLS
Threatray 188 similar samples on MalwareBazaar
TLSH 2214182AB21ADCB5C6C956B4DDE1D0F80451FC21D90A8A1B75C03F3E727A197AD7233A
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm32.hanmail.net
Sending IP: 203.133.180.216
From: 한석 이엔지 <kmhgreen@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.)
Attachment: 5-28-2020.img (contains "WJ120200528.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1uH0s29YDq24ILt88VfzVhWxfxvJ0YhTe

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5810/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.50244.20621.32446.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 01:59:08 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219
GuLoader
1ea235444a0510aeabcc31b2092268c3d0d12d82130ad2cb4b9024246e54186b
GuLoader
25e1551ce3ed0f99ef77a16166273dacfbe6d0a37c9998a2f6c68639d21fc35e
GuLoader
286447febcdd772fe14fb74b1768dc381ae5a1e4f8c7260de3db5991ce88f807
GuLoader
42895dc552049d3cfd80ced83d8e2fbfc30adc3799e3748aa5f9e7df32373a58
GuLoader
6c47beb6dad9fa342b607b9868de8560ede70fc5cf2819c0269c5d6fd6c961bf
GuLoader
9f7bac168d783095c28bfe48f9ff40079fde45084dbe9aac78eefa54c4cf15ff
GuLoader
b0240d2ab275a142c3ba13632ebb00fd6cba189613ca85e4d800eb640ef0cd9f
GuLoader
dbe3adc3ffef68644b53d19190b59e28e31b6caedb7ba852ef2158e662921a37
GuLoader
f5f2578101553a0f24cbeb4f1691d37232f62d4e5986886116e2939272555844
GuLoader
+ 178 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-z23qwjg7n2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 49589031e5a665c62726275bf4d8eae87fa273d3eda9609937e428fe62b22b4b

GuLoader

Executable exe e97244bc82d914b843dadf51702073bb1746d2e9d67f66e5c5aeef31f549a3c9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370279/
  
Dropped by
MD5 9162d23cd87944a07b895a80c95a3ee8
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 49589031e5a665c62726275bf4d8eae87fa273d3eda9609937e428fe62b22b4b
Cape
Cape
https://www.capesandbox.com/analysis/5810/

Comments