MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 487032be06deec0a6b50c6c0464edb67d50f9bb769ea1527969d4b67b83e8733. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 487032be06deec0a6b50c6c0464edb67d50f9bb769ea1527969d4b67b83e8733
SHA3-384 hash: 4e24c43fae3096cfccdc562cec605794f3b47354f7aef13826e89e50e663d87f5a8d6cf5bd7bd03cfe30c886aa5f164c
SHA1 hash: b16ec00795848ced90e1e2dcf990fc8fdfc7fa24
MD5 hash: 5c2f0c7c8f1ac7310cfa9b11f320cc55
humanhash: mike-michigan-five-beryllium
File name:Hormephobiadesignee.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:184'320 bytes
First seen:2020-05-28 13:15:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7037f6fae6af4feceb3dc3603a782745 (1 x GuLoader)
ssdeep 1536:yRA7ruJTKwcx6NlOAEWi2X5FOgtiBb88Z+zpATDBqwj5PGNdqlZlm8dNp:iA715s73biqm+z+1qMPogR
Threatray 973 similar samples on MalwareBazaar
TLSH CC0439227A55DCB5C66042B4DCE1C4F80535AC18CE178E3B32D17F6FB53B09A9A6A273
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: box.graetfoodgroup.com
Sending IP: 142.11.195.72
From: Salil Johory <dipak@graetfoodgroup.com>
Subject: Re: Wire Transfer Confirmation 100261804
Attachment: Scan0001.pdf.z (contains "Hormephobiadesignee.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1VDDr13QB-SbZaBWx30W2Z7lMfIeRUu_3

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Remcos
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5146/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMEF.3703.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 11:07:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
14 of 30 (46.67%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
remcos
Create hunting rule
hawkeyekeylogger
Create hunting rule
emotet
Create hunting rule
Similar samples:
1ed676d7b5902ae99362fbbbd80e7dd2b9cb9c479d9b9a8736f30829e7fe4176
GuLoader
3484fffe14e6d045c8a5c568187f686d4479693dadb3fc4631b7d307000b5148
GuLoader
654dcb8cbaca77d6679523c36f44ea656e39a97ce7e4d6f91b089fe8d54f9787
GuLoader
82421fe6bfd0fa95f4bc1813c1dbaf3ce1fc505f2e04dafefc653316e0f1f547
GuLoader
8a6bf2bc00a6d746dd60c82d00c5a226ffda03638cdcc937a0acb090363562ab
GuLoader
b4d2f2e28311317f4e568f4245c251cb0eb314e391223b2077d183e3d0de5738
GuLoader
c689edeb2bea45f5a7e6402ba51dc23e40e6c8b509841f60cb3d7327340b9b60
GuLoader
c87a719713c51891fa7b0def4b093441934d9f60ef8bd52951e2efb9a030f59c
GuLoader
d74d145a490143aa9b5088044bd31e46042dde2522600d119948e7914f1c4a10
GuLoader
ec4b8a8c2223163d74c1c9b97e26889074e995beea8e9a78ba3a8a430fde7bd0
GuLoader
+ 963 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-jpgmdp3gkx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip ac5dcb5a907fc0eb373fdfc6eac7261328ab8fb869ef4b0fca2ac668f2fa6039

GuLoader

Executable exe 487032be06deec0a6b50c6c0464edb67d50f9bb769ea1527969d4b67b83e8733

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370301/
  
Dropped by
MD5 8998c4847458c3ea41a069ad4b3ce381
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ac5dcb5a907fc0eb373fdfc6eac7261328ab8fb869ef4b0fca2ac668f2fa6039
Cape
Cape
https://www.capesandbox.com/analysis/5146/

Comments