MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ae403046763d7ad06e583b4b69d90bec18daab8d68255e93cfe2f58d5bd8ddd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1ae403046763d7ad06e583b4b69d90bec18daab8d68255e93cfe2f58d5bd8ddd
SHA3-384 hash: bd751e3b5d5b8f49c916f2e2744919bb3d0992b60dc22a30bb94d9c9b781cc7d03dd2a0050261655afa3a7fc66109d32
SHA1 hash: 54cdd3b3a943f481eb3248eceaf3b8718813df94
MD5 hash: e06d48ef8e03a0e8d5840c12cc13dba8
humanhash: may-speaker-queen-mississippi
File name:mhlamu.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-02 11:15:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bc2e556f01cd1bfe618fb846f08eccff (2 x GuLoader)
ssdeep 768:uhmhc7416N8lBR2zBrsVD400a8Pr7dy4gaBR2encc0IWD5Cp1LCcT2e:gmFO8lL0sVij784dB9RED5CvT
Threatray 1'017 similar samples on MalwareBazaar
TLSH 3E735B076E08DA12D6B045B42C63C76E3F06BC1C86861A4B385E7E5BBF323B16C5D61E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: "Mahmoud.samanoudy" <Mahmoud.samanoudy @elcosteelgroup.com>
Subject: Advance Payment
Attachment: SWIFT COPY_MT.001 (contains "mhlamu.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1tsTQRLociE3GjnaVy6plZ1LWlGi3QARi

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6071/
Gathering data
Threat name:
Win32.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 09:33:07 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dlsagbdhmpl22bxfqo2lnhmqx3ay3kvy22bfl2j47yxvrvn5rxoq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2a058410467d9a9aca36e588d9e3a0436b90b949c352f05ace83aa244e2567a2
GuLoader
2c27feaca7c04d48cd54730df7e4c89dc200d18658fd78c6a3388a94f15dca9b
GuLoader
30efd997c49aae97766539c72d72529b06f1e8522ea84e71758cde4ed1846921
GuLoader
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
GuLoader
9e4dcaf1e587af9702c21677d6447f90eff8437573e8400a8668db31d7bc7c3e
GuLoader
a7cfc6a8e508a244063a4190921f1c91e30712838282fb20b8bcdb24b138bb9e
GuLoader
a8c03f50ff8217b8e4fe7e650360a566003875d0a943af2f2b3b895908872e4a
GuLoader
bb137c0c0742c9ed929b15effefaf71351c1a021e9c0f573f864eff7433a5218
GuLoader
cee8a845815daa1914a89033be9f89287fab6194e8b8b700ec058013d6fa8c54
GuLoader
e593391ad50139b1e2dadad4f36cee1b7dc167473767854c2493e968d8e97d6f
GuLoader
+ 1'007 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-srsgst7ghs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 106a38e445a1accaf82e376c3a58a4e1e391e1baecb77f2aa82b4d3f4862e9d0

GuLoader

Executable exe 1ae403046763d7ad06e583b4b69d90bec18daab8d68255e93cfe2f58d5bd8ddd

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374275/
  
Dropped by
MD5 659d02e73901a83ca7179ed45d581520
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6071/
  
Dropped by
SHA256 106a38e445a1accaf82e376c3a58a4e1e391e1baecb77f2aa82b4d3f4862e9d0

Comments