MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 253b92053e006314eb4999d0c399fea214273978dd0cd4ff012335116fe9d6fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 4

SHA256 hash: 253b92053e006314eb4999d0c399fea214273978dd0cd4ff012335116fe9d6fa
SHA3-384 hash: eccc6535f2ff14f5bdd9aa6e28351f992e3ca4d50ab8ba5bca8ed7ac883946beb45ba35e157070ab5e15e66c1403d1e9
SHA1 hash: be4b8ce92b49ccc860954af61272f9b5b6e10c08
MD5 hash: f993152a5a5614b45b3459f336b837a0
humanhash: saturn-victor-mexico-paris
File name: COMPANY DETAILED INFORMATION.exe
Signature: GuLoader
File size: 94'208 bytes
First seen: 2020-06-02 11:16:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ba3af5a58331da1d924015f8106fa5be (7 x GuLoader)
ssdeep: 1536:L3FO8lLs49+vBzblKLzwKkwP3iiivfvFmdR60:qi+v9l8zwDEm4l
Threatray: 1'030 similar samples on MalwareBazaar
TLSH: 6F9307137AD49902F1B24B716EBB82996B25FC194D439A0F354D2A4B7B307629C6C33F
Reporter: abuse_ch
Tags: exe GuLoader

abuse_ch
Malspam distributing GuLoader:

HELO: bre.r1host.com
Sending IP: 136.243.102.137
From: b.sakhipour@bre-line.ro <b.sakhipour@bre-line.com>
Subject: Re: Comandă de cumpărare HDDT/MSK929832020
Attachment: Comandă de cumpărare HDDTMSK929832020.rar (contains "COMPANY DETAILED INFORMATION.exe")

GuLoader payload URL:
http://ratamodu.ga/~zadmin/group/frega_SEyLI167.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-02 11:43:14 UTC
AV detection: 12 of 31 (38.71%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

MD5 f644614442f0b05ee845d65e3f9d3e3d (GuLoader)
Executable exe 253b92053e006314eb4999d0c399fea214273978dd0cd4ff012335116fe9d6fa (this sample)

Dropped by: MD5 f644614442f0b05ee845d65e3f9d3e3d
Delivery method: Distributed via e-mail attachment

Comments