MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47f80b494b4feb2ae4e346836ebe6e4b1b8137e7c20ff4668c020e35e4f45000. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 47f80b494b4feb2ae4e346836ebe6e4b1b8137e7c20ff4668c020e35e4f45000
SHA3-384 hash: 8c5e883b5cba24ab68e345490b7d05f85a1c6ad3045adc75e6660f45d494cd34b28a4ea10914cb558605597dcddb142f
SHA1 hash: 6b01806759418705e8902c3b47f7e5322a80b91e
MD5 hash: ecf8a7ca0389a689a74814220e7cd703
humanhash: east-earth-beryllium-william
File name:ORDER.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:54'592 bytes
First seen:2020-05-22 09:53:39 UTC
Last seen:2020-05-22 10:51:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 656f8d41ca7884e9e434f22f57e2a747 (1 x GuLoader)
ssdeep 768:cVSseUfDUOOMpymP7HdaGC1yL45vUXXul2D5XjrmOjTUwULMW6HXpUf2hC:CS8fpbMH1yYvUXXulWBiOMKHXpUf7
Threatray 5'289 similar samples on MalwareBazaar
TLSH AC333A76A6A8F132E914C9F53E64D3B8057AAC305A12C80BE5C43F1F5EFABC1A05531B
Reporter abuse_ch
Tags:exe geo GuLoader KOR

Code Signing Certificate

Organisation:Tekkk
Issuer:Tekkk
Algorithm:sha256WithRSAEncryption
Valid from:May 22 00:21:40 2020 GMT
Valid to:May 22 00:21:40 2021 GMT
Serial number: 00
Intelligence: 325 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Graveyard Blocklist:This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm:SHA256
Thumbprint: 56D6DFBFF648EA69442E9EE50A45514B41D5B2D07C4814AF79E9EC5690EA0964
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: sala.com
Sending IP: 173.82.95.191
From: 최 현종 배상 <herzog@pearlnwalters.us>
Subject: REQUEST FOR A QUOTATION 송부 드립니다
Attachment: REQUEST FOR A QUOTATION 송부 드립니다.IMG (contains "ORDER.exe")

GuLoader payload URL:
http://37.72.175.206/bin_wbVGYxNay136.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.48537.9372.4387.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 06:01:20 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1de9da3a2c6effe9e9eae16a0d70fc19c633e479073f308a666665b0628e866b
GuLoader
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
83968322ee41293c915a37779c384b39d1a0429303ed831291da984e7ff6877f
GuLoader
8556575140ee35421e573d86cf9e34e1062e3e6718e7c7b0059de1502b6d6d61
GuLoader
91ccab55a241292f119e41c55467b08fd4fdade44fe0f9a36b5ad66848491c46
GuLoader
97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3
GuLoader
c0e1210ec3e11a5d71cdbf2edfb199539f891a1bdb27ccd97eaf0fb70891c615
GuLoader
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
GuLoader
ebb1d3f1ac0d238e6eb3ae96d4ebc49fb5a38c8669e74e65145c858339211dc7
GuLoader
+ 5'279 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-dg5vbmmarx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 0c30180548ff09f34b7ae212ecb0bb974d713aa7b88ec4765cdffb460aa2948f

GuLoader

Executable exe 47f80b494b4feb2ae4e346836ebe6e4b1b8137e7c20ff4668c020e35e4f45000

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366495/
  
Dropped by
MD5 8bfc216cba407f0fb3f5a894905eb278
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 0c30180548ff09f34b7ae212ecb0bb974d713aa7b88ec4765cdffb460aa2948f

Comments