MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b44eaee1eb9f472580e06b30bc5eba6f513905abe768229ba6290bd1e4da1a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2b44eaee1eb9f472580e06b30bc5eba6f513905abe768229ba6290bd1e4da1a5
SHA3-384 hash: 6c93a8e341ef4d7448a1402d93da54151747e47679b10e49e35b6cb48f8a7c2cb19e891cd34d8adfbc8a1674971b8148
SHA1 hash: 2d145bda07a34b2209a1a995cc18efbdabe872f9
MD5 hash: 61c8e630f60240c89682be9c43f2020e
humanhash: florida-hydrogen-freddie-ohio
File name:PO#A908.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 07:20:07 UTC
Last seen:2020-05-26 08:15:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3b53f7508ad8924db79dbc7caca969b4 (2 x GuLoader)
ssdeep 1536:9an756qfH67h/pYFwWf642MQKU4WwTf/ZMZPBM08aec5R8koQbbO:4X/GhuFh2vXwTXZa5qQba
Threatray 56 similar samples on MalwareBazaar
TLSH 1CC3F71274A88C91EC288FB248639DA72D26FD3178541F1B3749FA6D36371CA7AF0716
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.cherters.net
Sending IP: 45.95.168.241
From: Yisly Devia C. <sales02@cherters.net>
Subject: ARQUIMED - NEW PO A908 Ingenny Instruments Co., Ltd
Attachment: PO_A908.zip (contains "PO#A908.com")

GuLoader payload URL:
https://conveyancing.pro/wp-admin/js/widget/a_HRkhuXdkB1.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5599/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMCY.3068.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 07:36:10 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 48 (56.25%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1da069d39e2e88c624698760567c4019ca2de990b05c429be843355a0531b51a
GuLoader
28dfc81c0660d22a889fa79cf30b0698e1f4c78a6693c277931868b67b29646e
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
6327c2d28925dd4680b13585501e34181fc4beefaeb08040d1c10fc91a16f0a3
GuLoader
b5e4950f8979f18ad063f3df3fb483aa88273271254201dbc0e5241b7713edc2
GuLoader
bd476e4d4bb6f46ca0e62c6a2ab34f90b025d3cc6a0895be9073bd48997d1b47
GuLoader
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
GuLoader
e63df6a7f5c2a30456c884959644745ee0174df416492324c5ee31635958f855
GuLoader
fcaa4b93dbdb7ca43dab06e0afb63117ca21a864f7ccf6f6eb7a4581ded48464
GuLoader
+ 46 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-p35wz4j1mj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip d0b88e7b5e8e414f87f2ea75a9dd42de11a9a3ab2c6e734daf094569d75fe240

GuLoader

Executable exe 2b44eaee1eb9f472580e06b30bc5eba6f513905abe768229ba6290bd1e4da1a5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368693/
  
Dropped by
MD5 52e77cefcfde4905f9ab964205574498
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d0b88e7b5e8e414f87f2ea75a9dd42de11a9a3ab2c6e734daf094569d75fe240
Cape
Cape
https://www.capesandbox.com/analysis/5599/

Comments