MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
SHA3-384 hash: a07d823bb66bdc5684eeaaeee12e3ac6b7056c077809a7538ca7909270982afe43eae9ee1232eb1e97c04b2d15a8c915
SHA1 hash: caa679f3d83d1b05c68bf5c0533b9fc28f7b8451
MD5 hash: 6b54b2942679c2ae4711b6f523e58cbd
humanhash: moon-ack-one-whiskey
File name:PO#AM908.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 07:52:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5674bf37844e8ca48431e69cb37622d3 (2 x GuLoader)
ssdeep 1536:4S4JvRFVqZg2nEudW4cFH0bO3p6kw4qH+VALNBq5F8Gzfbi:56JFVYgZyVcFiO56xE5Xf+
Threatray 266 similar samples on MalwareBazaar
TLSH 7CC31913B5D56CE2E8584FB24C6319A71D26AD327A180F573706FB6C27366CA3AF4306
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.onethaifoods.com
Sending IP: 45.95.168.240
From: 巴林·阿什利先生 <enquiry@onethaifoods.com>
Subject: 回复:回复: Find PO Document List Attached
Attachment: POAM908.gz (contains "PO#AM908.com")

GuLoader payload URL:
https://conveyancing.pro/wp-admin/js/widget/am_WvjMhLPD74.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5649/
Detection(s):
SecuriteInfo.com.Trojan.Agent.ERLN.15342.8754.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Dynamer
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 01:14:47 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 30 (76.67%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
28dfc81c0660d22a889fa79cf30b0698e1f4c78a6693c277931868b67b29646e
GuLoader
2b44eaee1eb9f472580e06b30bc5eba6f513905abe768229ba6290bd1e4da1a5
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
7ef7ff0660d406b237fd3253738d60a294c0273ca1436cf9ba87d5b2ea8d62d8
GuLoader
b092a330b736b90c25196d0784455f5d605aae83dca16f8569451236204d0976
GuLoader
bd476e4d4bb6f46ca0e62c6a2ab34f90b025d3cc6a0895be9073bd48997d1b47
GuLoader
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
GuLoader
e63df6a7f5c2a30456c884959644745ee0174df416492324c5ee31635958f855
GuLoader
e661bc38b20992b846232fd3d6cbe914bb46ae68b39ce7e7a348be2ba5261851
GuLoader
fcaa4b93dbdb7ca43dab06e0afb63117ca21a864f7ccf6f6eb7a4581ded48464
GuLoader
+ 256 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-8gtzhy4l9j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip fecf149365093ef2542e22e62e8c80dba037633f331af3eb70c8c21b834ca8c1

GuLoader

Executable exe 46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368731/
  
Dropped by
MD5 6260e13ff8fa240adb5f35325e1dcf11
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 fecf149365093ef2542e22e62e8c80dba037633f331af3eb70c8c21b834ca8c1
Cape
Cape
https://www.capesandbox.com/analysis/5649/

Comments