MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e16c663be416ebc214f67367811ccbfec46102cc9ecac856b91f58ff775885d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4e16c663be416ebc214f67367811ccbfec46102cc9ecac856b91f58ff775885d
SHA3-384 hash: 89a96e95faedfbf4b6d8b652cabd625b0d09109038607fdb37cf5f113e3e24b89468fd91e4c4912e1005029a45896e7b
SHA1 hash: e0bfbf0edcbb8a7609ba657c8fbc134975fac865
MD5 hash: 8ec5098126d15d9e6d03a47c82595b02
humanhash: spaghetti-charlie-nevada-sweet
File name:chevron.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:184'320 bytes
First seen:2020-05-28 13:17:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dfdf7c0eb77ce5a2c77e3d1b143fb2ec (1 x GuLoader)
ssdeep 1536:oP2nbPEfAR5qLhtWsmUnWn2or8UY8YnYEY2YOYoYdYqYbYgY2YyY5YNYXYaYLYxx:y2bPtgtgUnWnHAcrF6H1QpTr
Threatray 5'309 similar samples on MalwareBazaar
TLSH 7C041817766EECA6D96143B0CDE1C5F85421BC04C91B8A7B33D0BF2E767914A9E2A331
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: ns1.mostplace.com
Sending IP: 203.146.102.40
From: Najam MS-chevron Malaysia <Muhamrnad@chevron.com>
Reply-To: chevron Malaysia <Chevron.malaysia@asia.com>
Subject: Quote Requests))
Attachment: chevron.zip (contains "chevron.exe")

GuLoader payload URL:
http://mexiwoodstudios.com/a1/bindonmaster_pnljydbm231.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5866/
Detection(s):
SecuriteInfo.com.Artemis8EC5098126D1.29198.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 11:25:18 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
16b59963cf5398fe9d50d18723bf7b78073a6fd4d1dfd3072b45b8852ead2d58
GuLoader
3ec51daa2ad133cfcdce1ffca7081f96ee58d9b5c2d302cee732e6e2cc3d8cc6
GuLoader
6830866e2d41b970c95172f9a156522c72cfd238f846c02c19827b2100fc5deb
GuLoader
8791d7218610249f735812d5d7f4f890e0e399c3efab189221bfe96732fc2b1e
GuLoader
8825d54a98bbf629eac36f5a74a592a78d8463819c0f1e097e48ad5a235b92d9
GuLoader
900a6f47b5d63eeb95728c0ec9ae469d31564cfbb1849b34549ac0f8de28fcde
GuLoader
9daa8e87928b88143b9482b989764524754c86d142027ccaad1fc452f52c1765
GuLoader
abdda3f05f9a29ab8ea6f45d5249f04168a17f3b64034a3596f8b0f1701db1a5
GuLoader
c03ae704dd35d3acd68ae4275d8007c3001a044c34c3d5dbc5299da6e1ca5a68
GuLoader
ebb20ece00b9d35c26bb797dbbbd6df726473e198a53095cb232dc8042c18d7e
GuLoader
+ 5'299 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-d43pjm9alx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 3e3eed34661ffc1a326fcd04cdb51829236a2ef90ba97603393cb83c39d14a13

GuLoader

Executable exe 4e16c663be416ebc214f67367811ccbfec46102cc9ecac856b91f58ff775885d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370979/
  
Dropped by
MD5 564745371d85e64a24fbb531e935dfc2
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 3e3eed34661ffc1a326fcd04cdb51829236a2ef90ba97603393cb83c39d14a13
Cape
Cape
https://www.capesandbox.com/analysis/5866/

Comments