MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4dce60ed857ab264ba4db32dfa8a3f4b3e6cc1d94cb2cb48bd33a98f9bf9f692. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4dce60ed857ab264ba4db32dfa8a3f4b3e6cc1d94cb2cb48bd33a98f9bf9f692
SHA3-384 hash: 68bfc05a1ac6e8498a68d7ae42e26c29c48a4bcec5f3ee9eb50e4d4ed7295323375dcd699ab037bf3a6584bdda4292bb
SHA1 hash: 64d0656b5ceb837c747dedf6187f9aa481662e6c
MD5 hash: 84b3fbeec4861dffd2f33930062a1f73
humanhash: coffee-july-earth-pennsylvania
File name:residere.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-25 13:39:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d83415b5f7e0bda5a4cda652d6261bed (2 x GuLoader)
ssdeep 768:zbpUx3WYQFykM3P8iKqlTegHGVtq+74uLWMXnC7AmB/lso2MK3DmHa:ux3tkM308lTR2DNbnC7AmB/lsoPKoa
Threatray 260 similar samples on MalwareBazaar
TLSH 4BB3D6127AD4ACC2ED162EB04FD69EB61E26FC657C114F03B5AFBA4E29371901FB0215
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.example.com
Sending IP: 103.114.106.250
From: Jason Bourne <admin@mogioan.cf>
Subject: NEW FOB KWANGYANG Seaport Korea to Karachi Seaport Pakistan.
Attachment: NEW FOB KWANGYANG_images.rar (contains "residere.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1RAatPK2wrAQeQTpb9iw37oKW3zhgBpe0

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5568/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 12:22:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d4bd4bcfe5f31f317eabc6780b91c1499f4dfc22025cfa6eeec3bc188207dc3
GuLoader
242048a88fe7eb08cbd3de9cd13d0dad6f532bd8f85fdd8dcee59d7289f6c9ab
GuLoader
2a4737c791956f7c020af62490a855297096797a632a39e493ddf19365916456
GuLoader
6d192f66f0fbf8a2f9311a12b5905ce6a19ecd28e7c483ccfedaf0b5b153c0eb
GuLoader
70399b135fa0365dae66a01b072dd8614be73c7ff2b4cc51caeeef64dfc60ef5
GuLoader
7cbc380c05ce0b8e7ff6c94ee11ac6aec99adfb14e530f43d895af660588e984
GuLoader
9848da60b74c19523583a237900008a3fcb268a9a4000c352f944f7d9f0d78e3
GuLoader
d44e6b767f7bc663a04cb2e952e202eee52f0914a35115fa8129cee1228a31f3
GuLoader
e63df6a7f5c2a30456c884959644745ee0174df416492324c5ee31635958f855
GuLoader
fdee0aef0be932935554b59899df6f51b2caea4d730ca1179158c15f62a9ccf4
GuLoader
+ 250 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-rbjv353vra/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar a2ddb39cdb47b65c04fbcf28c164cc474ffbf1c03456ea35ec9cff62d7bfeacf

GuLoader

Executable exe 4dce60ed857ab264ba4db32dfa8a3f4b3e6cc1d94cb2cb48bd33a98f9bf9f692

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367857/
  
Dropped by
MD5 07c70e01a4758f79b0ffcafbb8635fdf
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a2ddb39cdb47b65c04fbcf28c164cc474ffbf1c03456ea35ec9cff62d7bfeacf
Cape
Cape
https://www.capesandbox.com/analysis/5568/

Comments