MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 286447febcdd772fe14fb74b1768dc381ae5a1e4f8c7260de3db5991ce88f807. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 286447febcdd772fe14fb74b1768dc381ae5a1e4f8c7260de3db5991ce88f807
SHA3-384 hash: ae1eea034f9956aedfd242696ad830f8a67d264d3f4fac9f79a1b7a1c997e45f411410447ba7543502e2fbb7da96613c
SHA1 hash: 75cc68dfe70e531fc63436540b8ac889574b6cd9
MD5 hash: 83d433b5cc692ed320b282586783b0a2
humanhash: social-sixteen-pennsylvania-floor
File name:HT_20200528.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:20:09 UTC
Last seen:2020-05-28 08:22:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b01e7b55deb7295c93bdc09c831f4023 (1 x GuLoader)
ssdeep 1536:tCIpyMEZdXW+Oon8dVFSCvfueZV3XzH7R3F5CyF2DqkoYhH1FlIH/eONHmSbQsg:sIpyMEX3Oon2VFXuejzH7Fqy1YhuLg
Threatray 202 similar samples on MalwareBazaar
TLSH A9144B22F75ADCF6DA9505B0D8D2D1F418A1BC19D8078A2B71C0BF2E3679183AD76336
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm50.hanmail.net
Sending IP: 203.133.180.238
From: 이한석 <namyang7904@daum.net>
Subject: 긴급 견적의뢰
Attachment: HT_20200528.IMG (contains "HT_20200528.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Xpd6NDiC_5uJf8lh-BUGbOjSrMARl0Zo

Intelligence

File Origin
# of uploads :
2
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5805/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.50247.18344.8449.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Beebone
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 06:59:19 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
26c22b4054e91bf9d7b89ae538496d9b728486ae6b337ca31dd01f3200d7d7f8
GuLoader
4408001ae2b6c11aa2c25f77fea7d8c2118d7eac3f8409246be40b7549b408d0
GuLoader
a183841ad3d2f5ce88d9361676673b77ea0610abac6c5206eba8f12dd8abb8b1
GuLoader
b5382684cba90f427975d7be5c938b3216b38f0f00e617f36c71535e4deb8059
GuLoader
b9faefd420a9117fddd3bdc6c42bc5c5d07d0cec65fdc7acb2d715b752b44967
GuLoader
c689edeb2bea45f5a7e6402ba51dc23e40e6c8b509841f60cb3d7327340b9b60
GuLoader
daf9a22fa4f5634d74b6b04e7eb503ac16ccc3787d51b161d26a950d7733008a
GuLoader
e013766345fe3fc36669625205e1088b24b4c9cd5b42696cdcf3cd31d76c8a35
GuLoader
f5f2578101553a0f24cbeb4f1691d37232f62d4e5986886116e2939272555844
GuLoader
fdee0aef0be932935554b59899df6f51b2caea4d730ca1179158c15f62a9ccf4
GuLoader
+ 192 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-5nl2fv8dnj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img e191fdf51b6c8bcc2f875c7d97b1a4ed110657f1552866e8aa16bd025292d295

GuLoader

Executable exe 286447febcdd772fe14fb74b1768dc381ae5a1e4f8c7260de3db5991ce88f807

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370277/
  
Dropped by
MD5 7d62cd8a0e6019f7ebde01e932b7adaf
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 e191fdf51b6c8bcc2f875c7d97b1a4ed110657f1552866e8aa16bd025292d295
Cape
Cape
https://www.capesandbox.com/analysis/5805/

Comments