MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb929a20bfd4d36c126f3d26b95aadf256f2f85ef3b2564f9a79fd7cc92f7eb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb929a20bfd4d36c126f3d26b95aadf256f2f85ef3b2564f9a79fd7cc92f7eb5
SHA3-384 hash: 82164235b0c9d2581f30fb806d5a5ef405f70129eabb3643b26df03c1dc1e3be14c74d3e40b0a1d39a000f3bb9b7e58f
SHA1 hash: a75988e5309d604fe3b2168638345b0a984d9f6b
MD5 hash: c742a66c3b6037e2c5f570c0ed5c9068
humanhash: april-ten-harry-freddie
File name:20200522_wj2.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:106'496 bytes
First seen:2020-05-27 17:14:58 UTC
Last seen:2020-05-27 17:50:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 21354526ea16465952e3952589927f88 (2 x GuLoader)
ssdeep 768:GROSvEfa58porkDaNcAdGFo3HGRLxnW6yoPDXvrNS+G8j7/V6LmvCcek:o9GpoVNcCGFo3mRfyoPDXDNS+tgy
Threatray 390 similar samples on MalwareBazaar
TLSH 0FA33865BA94ED90D94988F22A774768292BFC7904468F43B7CB3B1D3933AC1D726307
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm80.hanmail.net
Sending IP: 211.231.106.155
From: 권용한 <hth0412@hanmail.net>
Subject: 발주서송부건
Attachment: file.img (contains "20200522_wj2.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=17IV_sFhtY4dPcv7rF-v09qDLrucCeAbC

Intelligence

File Origin
# of uploads :
2
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5742/
Detection(s):
PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 17:37:13 UTC
AV detection:
33 of 48 (68.75%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
03b8ed717d92754a5002afcf6aff7e42e45330465bf2706bf6d8a53ba6f7250a
GuLoader
2a3b5f4a6e6d41c86a9d25ff46831b1bcf73db123bf659d59c8125c147afc895
GuLoader
3e7c9776603755bddcdb1093fe8980f16a0b0228d45b9bc83a4d8fef1e1d59d1
GuLoader
9620e9e95846fd7b21206464f6e5493290e869a425887621835ecc2a0de82101
GuLoader
a34a05f4fba031be97dcc4bb04e0e45a75d1034cd2d32177b26a65de7a1306a0
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c4b5846ab10b6ac87f6f176bcb8a3f76a720628fd8b1aa9d7c1f603192f67bd0
GuLoader
e180e8ae6521bb30a7baaeaf95c7583815922ef07c695c5a6fc7c123b6442d7b
GuLoader
e76ee0db44278c0742805ce66786923629cad847ee8c650214a36a1ebda37c69
GuLoader
f4e3a5c0dc83e93f54af3543efe40a1a984c4eb25be88b1259b685e06176461d
GuLoader
+ 380 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-lhhxahkacj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img f1055935b94ea812f0366f4d3b5d05b3d58368f9a70432a348ad696739c59675

GuLoader

Executable exe fb929a20bfd4d36c126f3d26b95aadf256f2f85ef3b2564f9a79fd7cc92f7eb5

(this sample)

  
Dropped by
MD5 8ec31f4fbaa25cdf88adbb44ae54b4ee
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f1055935b94ea812f0366f4d3b5d05b3d58368f9a70432a348ad696739c59675
Cape
Cape
https://www.capesandbox.com/analysis/5742/

Comments