MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15b394d8f614faf02d551b0034f2882c052587d717fd4e0966919aeaf1e7ae87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 15b394d8f614faf02d551b0034f2882c052587d717fd4e0966919aeaf1e7ae87
SHA3-384 hash: d4bfa71f98e7b83574482bac5abf27f35644fab5ecb4ae7d7a8520f43f68407dd0c9695ccce508bc244c6ea5e03fda91
SHA1 hash: aa9d684502a22bdf111fd82515d27ec8e15ea921
MD5 hash: 7a6113afd11869ca824c021efff31867
humanhash: alanine-alabama-texas-red
File name: BOQs and Discounts-check.exe
Signature: GuLoader
File size: 114'688 bytes
First seen: 2020-05-26 13:42:55 UTC
Last seen: 2020-05-26 15:24:34 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 57af248c5b4a959fd617f15fca0e7eb4 (1 x GuLoader)
ssdeep: 768:aHuXUiaStwReab29Aqbkhx99Oq0c7nzbTUVW7XZjuPbUV1uyHHybgvICMCDhACAt:KRStwA9AqbkvTnbRuz619HHCgvNMsM
Threatray: 851 similar samples on MalwareBazaar
TLSH: 93B3E7133CD49CF2E87CDAF58CB2AA580E65BC546E014F27B645FA5D65326C92CE032B
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: demco.co.th
Sending IP: 156.96.59.92
From: takarn<takarn_nic@demco.co.th>
Subject: 115/22-3.3 kV. SUBSTATION EAST WATER
Attachment: BOQs and Discounts-check.zip (contains "BOQs and Discounts-check.exe")

GuLoader payload URL:
http://rayyanceram.ir/gozmanss_USuhOzVInY126.bin

Intelligence

File Origin
# of uploads: 2
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Guloader
Status: Malicious
First seen: 2020-05-26 14:35:51 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 2/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
Executable exe 15b394d8f614faf02d551b0034f2882c052587d717fd4e0966919aeaf1e7ae87 (this sample)
Delivery method: Distributed via e-mail attachment

Comments