MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c085d783c734f76e23572661c1692d7b2e4ad30dab5f6c108669d4141f97c99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4c085d783c734f76e23572661c1692d7b2e4ad30dab5f6c108669d4141f97c99
SHA3-384 hash: 921e8f7bd21ecc83473e5f1b8eba07d7d74beeb53859f4c7bdcc4a0679068d4ec5f1c306cbdffda0c568e3d534f68657
SHA1 hash: 1ef9156120f00b9a6f07274809be052bdcccf7af
MD5 hash: 4013eb1d4f5cdd7e8e6146f60f244213
humanhash: blossom-mirror-moon-violet
File name:Orders Documents FOr SHipment CAT01062020_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-03 13:07:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 455e35d01b4f9656e4d7a07193351da9 (1 x GuLoader)
ssdeep 1536:ddFO8lLE9ieqK/BpIcZI+ju2lgl9B6LzPE8X94uHLjI:NsXIc5ju2loG/PE8X94urjI
Threatray 1'622 similar samples on MalwareBazaar
TLSH 7E833A13EE0C9E12D56483715C57CBAA2F157C0C49822F8F354E6E5BBB327A26C6E21D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: flawless.herosite.pro
Sending IP: 103.212.121.73
From: delivery@kia-pde.com
Subject: Re: REQUEST 2
Attachment: Orders Documents FOr SHipment CAT01062020_zip.arj (contains "Orders Documents FOr SHipment CAT01062020_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1u9ErXh9OiRdBT3sf438v0LhFn6-CsRFf

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6284/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 11:03:44 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jqef26b4onhxnyrvojtbyfus26zojljq3k27nqiim2oucqpzpsmq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1b2e0d5dd025f3af551020940f5cb7bfa79ce059f90cb62bafc0c8490f197bc7
GuLoader
7a7760c4a4b1244950ea0fd475c53005ced18cb314a2e0fc4499086582e1a5aa
GuLoader
81d221135435a226a35c3099f181b6d1b427e72f414b7a8ab89ac8206b2b4959
GuLoader
8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09
GuLoader
8fa47ee760cf1c21de132ec77eef49282a2312f197aba6026ee1de750051014b
GuLoader
a3314185c4c7b813105231aa59fbf2045b1fa595fd4bf322370112926afc24a7
GuLoader
aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7
GuLoader
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
GuLoader
fb6a49d393c339750c2effe7797cf304d7d9bb8c95fdaa3431af177f7a677ba8
GuLoader
fea3940f656c82bb8ed4668c67b6be0ecd1b72fc6d6ea52199c365ec03212a31
GuLoader
+ 1'612 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mtsy3mdals/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 58bf63161b6f32774556277d7623dafccad86c583a66c2929e611cc1b3b2cacf

GuLoader

Executable exe 4c085d783c734f76e23572661c1692d7b2e4ad30dab5f6c108669d4141f97c99

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376018/
  
Dropped by
MD5 a51cd30147cae5a8d138d19a67a57fd1
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 58bf63161b6f32774556277d7623dafccad86c583a66c2929e611cc1b3b2cacf
Cape
Cape
https://www.capesandbox.com/analysis/6284/

Comments