MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e3260ca4d01f04afc383985273b2c6d24984eaf8bee60ab66d2c3b0c73d307e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e3260ca4d01f04afc383985273b2c6d24984eaf8bee60ab66d2c3b0c73d307e
SHA3-384 hash: c66d54137d906a8574b0201527502c2e3fc67b28f820eabd59310beb7f1bdbe2fae83eaa6a7bd95a1c2a0d6a231c996c
SHA1 hash: 9fb98fde2c7b709b43e9116de2d1fc34b9d2e0e7
MD5 hash: 38f77309631bcf97ff16b7ac6b7b83ad
humanhash: equal-charlie-whiskey-kitten
File name:File.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-22 09:54:04 UTC
Last seen:2020-05-22 10:52:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e4a86981418e007faf41d6e7b16fed8a (1 x GuLoader)
ssdeep 1536:RR5oVKI+ZWU+mZ7gzlwgAhm9VwCnBoCVAt0:D5oVKIO+mJoGm9VZnBX3
Threatray 806 similar samples on MalwareBazaar
TLSH 4B933A217A54DD66D8005FF24F25CA84037FFD3069104B2B62DD3B6C7A33AC5AB613AA
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: ns1.sundaehost.com
Sending IP: 203.146.102.27
From: Phillip Kang <Phillip.Kang@francoismarine.co.kr>
Reply-To: yjkang7@chol.com
Subject: Spare parts [예산견적] Offsore-Project(S-007)
Attachment: file.gz (contains "File.exe")

GuLoader payload URL:
http://creativewg.com/aguobodo_kmuDRGDn229.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Ursu.878098.31199.10798.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 02:03:37 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
06c39fdd95aed534806896a460c1cd568259e7b786b20abd7e923c4d1d4d8511
GuLoader
0844334598a3afd4d6c303956a1e56247c59e369b837b71ff31a55d1b404a4bc
GuLoader
2514cc0d95a79227b308e5834eb780ba105109fcc7fc02fc11ef3a03e61cac46
GuLoader
2b2166f900572c98775661fd3905d86451e7470c2e548fe234f20f2069c93331
GuLoader
8e01834fb94698ea94b41965f1847d283f14daaad211d567ee199b6b2caa0992
GuLoader
b6c1bec29e0a48af972c87b59fea2d07b7c271a71029dd7495b07ab288c99d06
GuLoader
c2fdcd6737639defbb98a8cb6d0799f59644599d77b0d8bb231a64dfba2a26db
GuLoader
c3242f5a544110304212594891c9f8bb0c2e61f29d904271a09f5b0f94437348
GuLoader
da512b133967f3db61051f84669d6fadf309e53ac72906d581e8bb72851d726e
GuLoader
ff8da3f9d4933d6a6b600d3b34e2fad0e00d9a82cb056a33ed030c16d75a944a
GuLoader
+ 796 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-qz87g9k8cs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 3e7dde83f4b7bfa3464ec0d9c3bd89de62640f18c900132c1a6eb553450886e5

GuLoader

Executable exe 2e3260ca4d01f04afc383985273b2c6d24984eaf8bee60ab66d2c3b0c73d307e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366488/
  
Dropped by
MD5 26fb1be8088fc04c3a8b993aaf1caf70
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 3e7dde83f4b7bfa3464ec0d9c3bd89de62640f18c900132c1a6eb553450886e5

Comments