MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0eecb6cf7b7bdd0f9b278d0b6341764ac7145e443fd0fe37dcbb222fe088609b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0eecb6cf7b7bdd0f9b278d0b6341764ac7145e443fd0fe37dcbb222fe088609b
SHA3-384 hash: 7fc8750f9b19ec284ffd7edfca65544ed59387f76d7825c09a83585558c91ceb4505fb6ad042ba327361765c78c3ac80
SHA1 hash: b6ecaa11a09f432b9bc3ae0e83c10979ca9f5eb0
MD5 hash: b1937cdd50c9e3edc50669f06cbf15a9
humanhash: floor-ceiling-violet-wolfram
File name:Payment_Slip_2020190002602329.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:184'320 bytes
First seen:2020-05-28 13:15:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6117bcc99fa1fcaffbf480a7bac5f22f (1 x GuLoader)
ssdeep 1536:Nvofx6NmOdgHcnLRowhaclaXlCwpDhwZUikWAb8G2hX2EM22VIS4Yr828P+W:qfUcXHcnLxClCwptwZUf72p29FVvK
Threatray 892 similar samples on MalwareBazaar
TLSH 57041A267A45CCBACE5042B0D8E2C4F42921BC58CE178EA776D0BF6FB57518A9F25331
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: host130.cityonlinebd.net
Sending IP: 113.212.108.130
From: admin.itax2@kra.go.keĀ  <admin.itax2@kra.go.ke>
Subject: Successful completion of payment registration
Attachment: Payment_Slip_2020190002602329.zip (contains "Payment_Slip_2020190002602329.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Uo6BVYwXF3O123BoK7MiFTK2ok-Whs9o

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5857/
Detection(s):
SecuriteInfo.com.Variant.VBKrypt.55.27532.17818.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 13:37:16 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
7 of 48 (14.58%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
396c67d17bdba56c29d4774991879313c236e9db5b9e1173f322d1bd3194edd1
GuLoader
6dcf4557563343e881daf4b7d7b01e372457cee637ac001a1102a2e67a69cbf8
GuLoader
7a7760c4a4b1244950ea0fd475c53005ced18cb314a2e0fc4499086582e1a5aa
GuLoader
8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09
GuLoader
a3314185c4c7b813105231aa59fbf2045b1fa595fd4bf322370112926afc24a7
GuLoader
a55a495af0977a693b67da780d734c4a8fe65bcc0a54f06079d79ac60c555200
GuLoader
aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7
GuLoader
e265bbf3f727ff892423b3e24b5368ab4f694c86334bf68ae62ff20dfd7ce5b6
GuLoader
ed1148a724d239376a2f9564f23ae474c2f862d9d4e2b8706d955db399cf28f7
GuLoader
fb6a49d393c339750c2effe7797cf304d7d9bb8c95fdaa3431af177f7a677ba8
GuLoader
+ 882 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-m5pv8nzwtj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip ee941afc9a00495b2572b254c2aab95133503327ba77479d9b25845358961542

GuLoader

Executable exe 0eecb6cf7b7bdd0f9b278d0b6341764ac7145e443fd0fe37dcbb222fe088609b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370988/
  
Dropped by
MD5 66398e7abac3782acffe0b6886e5e622
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ee941afc9a00495b2572b254c2aab95133503327ba77479d9b25845358961542
Cape
Cape
https://www.capesandbox.com/analysis/5857/

Comments