MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47c4518661a80adc00b208c24ba1726bd1074360eec4c2e3d265f6c412f745f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 47c4518661a80adc00b208c24ba1726bd1074360eec4c2e3d265f6c412f745f9
SHA3-384 hash: 9c943543ff10e6ea5a60161cb0a9049d75b12a68a7454a12215ae4ade068d3caaa051d4acbfddfef67c7aec01dec9c41
SHA1 hash: 8ddebfe1854b1b54c882e7de30d5ca68398a5493
MD5 hash: 2b8641a9769f1d7bd5051d8e38b3b4b1
humanhash: football-minnesota-zebra-tennis
File name:T.T COPY OF PAYMENT.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-26 09:14:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a4943c0fcedb172e4419c5b2569a86d0 (1 x GuLoader)
ssdeep 768:tx5DDyyTl8pTCwcgr63rCg01RuR5N273wACJRnrcdQTjyC1ZxP21:tayTl8pJlV1UHHAAYuTWmY
Threatray 695 similar samples on MalwareBazaar
TLSH FBA32BA296F87FB1E9B647B19D714110C8237D220826E68FB0C6750D3837E49D6B1B6F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm81.hanmail.net
Sending IP: 211.231.106.156
From: κΉ€μ˜μˆ˜ <hjkimysoo@daum.net>
Subject: Fwd: Re: Re: Remittance Returned To Our Bank
Attachment: TT COPY OF PAYMENT.img (contains "T.T COPY OF PAYMENT.exe")

GuLoader payload URL:
http://ukaimc.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_CdsfygT67.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5683/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 02:36:44 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15c365dfb62dc041e46ede5ae90f2e0966d1000b5936f0ed5d68f5d10e813171
GuLoader
9be235495bd4696901a7e0538b3d96f6996268c67c1b607cdc8e33a794a6a9da
GuLoader
c3b88b1d9c86a4f7cb1ae7c8b91d44d67c9c9e66ea51504c3204eb575a668fea
GuLoader
c8ea056cb229cc17d43217a6aba42320468cfaea55d6f9846b5f402bab6b06d0
GuLoader
d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb
GuLoader
d9ea7ed19010ef0c36ebd05d5abfd5624e21a33ad5e18ca36007671d86eba8b3
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
f02253cc15ef8590d38f2c623609c3d462c2352da4aab698b3959c8ba4ced4e7
GuLoader
fdfc7684865596ff802669590f077277385119144e11e6a1827910c39b0d5731
GuLoader
fff7d8c78dd6f34509bde90ea015593f8e2fce0b0022899f96982f0772c6b9b2
GuLoader
+ 685 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-kvnppmmb8e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img a0d64df5d7bbbdf2f93afb81e9e3b9f64604a49bdccd21bbf2f27ac024f4be66

GuLoader

Executable exe 47c4518661a80adc00b208c24ba1726bd1074360eec4c2e3d265f6c412f745f9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368718/
  
Dropped by
MD5 0c8cc7db97af6d7bbbeeab2b1266d9d9
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a0d64df5d7bbbdf2f93afb81e9e3b9f64604a49bdccd21bbf2f27ac024f4be66
Cape
Cape
https://www.capesandbox.com/analysis/5683/

Comments