MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e84acdb102f2437d07c3a28a7d06be9c322ce0840a2627bbddf01d49d337bfe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e84acdb102f2437d07c3a28a7d06be9c322ce0840a2627bbddf01d49d337bfe
SHA3-384 hash: e36e839eb281ac3836241b3c736fad8ab4bb2b5a2656400cf7055f64ec37ff41898c06cd79c0da943e2f4327d7c022c2
SHA1 hash: 56d69e4e7599cf79a34eb09280bce10dbf65f183
MD5 hash: 5dcd7ae7665ea64ab52cb6fc3c2a1a01
humanhash: triple-football-tennis-nineteen
File name:XLPE-S007-LT-002_SPARE PART LIST.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:45:21 UTC
Last seen:2020-05-21 09:51:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6152063607e32a493287cf8dd6229ec9 (1 x GuLoader)
ssdeep 768:XguWU2CP8z3ak7iK7Z7fzkxJXCUopFZ7F9bWMPSUzmyKCaS6ctOxrqrkW6bXz:kUS3dGK75fwx9CUoHZ7XNlzyW5eP
Threatray 4'992 similar samples on MalwareBazaar
TLSH BAA32A31F650DEB1E53887FE2E314A1C272BBC761A11CA4374CABF4D06F768A946431A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm42.hanmail.net
Sending IP: 203.133.180.230
From: 이태수 대리 <sysone255@hanmail.net>
Subject: [XPLE PJ] Project RFQ/ Spare parts list [예산견적] in SPIR Format (S-007)
Attachment: XLPE-S007-LT-002_SPARE PART LIST.IMG (contains "XLPE-S007-LT-002_SPARE PART LIST.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1EHd2rbMM3Uk3HLNpObCSrOSR-0b47MUmC

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47933.17257.19399.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 03:09:06 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=h2ckzwyqf4sdpud4hiukpudl5hbsftqiicrge65534a5jhjtpp7a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
11892c93ce6ecc668a92bcbb2e618edbc40f87cea8938e2dbe7061cbc6d1f689
GuLoader
157ef05047452109ec1552af00806f1469254bc14a5cc942e41180ee82d508a7
GuLoader
1addf02f5d774ba71d7a58cb46726ef51f5ac38dcab72ffacfa06bd3df537fe9
GuLoader
1d1c9ee0b1adaa5a121fd70d332785395ad22538f9cdc7db44414c1604e28919
GuLoader
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
GuLoader
2fdb0d7b083751a10db872738e974f869b99f2ca21891a5fb96bc9440f827ffb
GuLoader
30bbf2043054b92e495bbd55f67e43b8eafce430bf31d8aaa4899385e503cdbe
GuLoader
59fd7c02b088d002266c00f7f97f083d578fa76be1a1981961d6f411817f3f25
GuLoader
8058effea9cbffe67d3cc69221eda22862586eecdb7c9409b4f9fd6eab6ea04f
GuLoader
+ 4'982 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-8k7zr19n8s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 82f1862d1692ce67a4dd7f6217b7969b14b720ca18b7a81281046f513e8603b7

GuLoader

Executable exe 3e84acdb102f2437d07c3a28a7d06be9c322ce0840a2627bbddf01d49d337bfe

(this sample)

  
Dropped by
MD5 b45783ba944c3f420e311d0b625dbdc1
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 82f1862d1692ce67a4dd7f6217b7969b14b720ca18b7a81281046f513e8603b7

Comments