MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d4bd4bcfe5f31f317eabc6780b91c1499f4dfc22025cfa6eeec3bc188207dc3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d4bd4bcfe5f31f317eabc6780b91c1499f4dfc22025cfa6eeec3bc188207dc3
SHA3-384 hash: 406a8c4969b1bd6fe5728590ce18354efe1cb5135a768e3cd0cbfc6bde380ccca69e21b7a129fd6ae21dcce2a6f528fb
SHA1 hash: 39168633fe4c2f5d3dfdf9677c89dec1fd68f9c8
MD5 hash: 7b954ae2e78326e015448134a21ea6c9
humanhash: high-blossom-burger-video
File name:XPE-S0007-LT-002_SPARE PART LIIST.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 07:53:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f5ac698f48a45ce084344ecdb29b016d (8 x GuLoader)
ssdeep 1536:upBO7b0kWQK1P1pFs0/hxIc+VoFX9in8H6f+5u8JnAbD:upBO7bNWQeNw0/sc+i55tAX
Threatray 151 similar samples on MalwareBazaar
TLSH 9DC308237AD90D52DCA98FF14CA3A57769236C2079148F173641FB1D2B761C23FA1726
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm47.hanmail.net
Sending IP: 203.133.180.235
From: 이태수 대리 <poskyung7878@hanmail.net>
Subject: FW: [XPLE PJ] Project RFQ/ Spare parts list [예산견적]
Attachment: XPE-S0007-LT-002_SPARE PART LIIST.IMG (contains "XPE-S0007-LT-002_SPARE PART LIIST.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1FaIrcjvh13I-GykLsBIbuVk9NXRIJfyH

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5651/
Detection(s):
SecuriteInfo.com.Trojan.Agent.ERLN.15143.11595.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 08:36:42 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
242048a88fe7eb08cbd3de9cd13d0dad6f532bd8f85fdd8dcee59d7289f6c9ab
GuLoader
2a4737c791956f7c020af62490a855297096797a632a39e493ddf19365916456
GuLoader
4dce60ed857ab264ba4db32dfa8a3f4b3e6cc1d94cb2cb48bd33a98f9bf9f692
GuLoader
6d192f66f0fbf8a2f9311a12b5905ce6a19ecd28e7c483ccfedaf0b5b153c0eb
GuLoader
70399b135fa0365dae66a01b072dd8614be73c7ff2b4cc51caeeef64dfc60ef5
GuLoader
84f409f8aee0cf253fba68ae4027348449045f7bfb8723ac8fe0336c21c0b0f6
GuLoader
9848da60b74c19523583a237900008a3fcb268a9a4000c352f944f7d9f0d78e3
GuLoader
d44e6b767f7bc663a04cb2e952e202eee52f0914a35115fa8129cee1228a31f3
GuLoader
e63df6a7f5c2a30456c884959644745ee0174df416492324c5ee31635958f855
GuLoader
fdee0aef0be932935554b59899df6f51b2caea4d730ca1179158c15f62a9ccf4
GuLoader
+ 141 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-entgt56q42/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 46668542b411188a63bed9f565cc37793ad443d3198b21d7ef00cf2248945d01

GuLoader

Executable exe 1d4bd4bcfe5f31f317eabc6780b91c1499f4dfc22025cfa6eeec3bc188207dc3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367850/
  
Dropped by
MD5 ae700742626a2ce9384cd26456fe4ee5
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 46668542b411188a63bed9f565cc37793ad443d3198b21d7ef00cf2248945d01
Cape
Cape
https://www.capesandbox.com/analysis/5651/

Comments