MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f4ffd4acbf022b50208d546731446d3c5b16380a244dab0261ad0cad8ce02e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f4ffd4acbf022b50208d546731446d3c5b16380a244dab0261ad0cad8ce02e0
SHA3-384 hash: c58eca11296d707047b0f1806b0f1c57fd6ba50e0c2e668ddfd0d9c58fe8e6a7ce044d872a69fcc93037ac01ea4ee003
SHA1 hash: 7d69e7add51387544d3546eb31e1ed542a628e0d
MD5 hash: 03c335dba450e43e644c29eaf4383f3e
humanhash: bulldog-johnny-bulldog-spring
File name:NOA_COSU7221931450.PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-13 10:22:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 086a689410dff64159128beb8a4e519d (2 x GuLoader)
ssdeep 768:jMBKNq/5j2Hx8fgrM0dfyUd3x95lgzONoSBabZPMCvC7S2cBXD1njgrqKhI:ox5yHM+dRBrlgzOFB0S2x
Threatray 224 similar samples on MalwareBazaar
TLSH F2932B16F9954562DB004BB3AB28DAEC025BBC6127254D933DD43A6C9F37A05B53233F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: dci82.dotcomindonesia.com
Sending IP: 50.23.82.235
From: COSCON_Provided Documents_JAKARTA <jakarta@taipan.co.id>
Subject: -Proforma Bill of Lading for NOA//PT. KUKAR MANDIRISHIPYARD//COSU7221931450
Attachment: NOA_COSU7221931450.PDF.gz (contains "NOA_COSU7221931450.PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Heur.VP2.fm0@a4IwXSoi.7714.30924.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 03:30:51 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=j5h72swl6arlkaqi2vdhgfcg2pc3cy4aujcnvmbgdlimvwgoalqa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
450224b458d5d44cbaf62d95e18face27de776ed227ba0f7dc7e12bd07f64c9b
GuLoader
57aa81416cfdbd76df2a15cb14810f8529ecab0eea978210a4ef3047f35a225e
GuLoader
6e2cbc6512ffadca97e3562f2947114569f70b9620a69aa8662001b266e1b4ba
GuLoader
7cdd4c3ab71ceec4a0e9e0fff84eec6ac587a6ce6f2ed80789abb35a98321527
GuLoader
8b9168d5ab359866b52639ef7dc5f25a8154707569bd1cb0fa9200a2293cbefe
GuLoader
9d85a0de0623aa8d4a2b1c5887cc18a77c9482115acb71a12b7a54fe186c5484
GuLoader
bea7862dffe387d422fb7f11c92989064c6b396ca9ef5687fa28262e2de83e2d
GuLoader
c121b14316a1f7976c4337f37c29acd3a1efeff592617736b1ae1e6d3bf04b09
GuLoader
c8b1cce5ae65d68b7ca2a419b1499d7bec6e4e3d1e04d3e3f040eeaeb6080146
GuLoader
ce34b2b2da3172b4786d808d218ff295a12d69e36847ad449c88c78cf9241cad
GuLoader
+ 214 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-srejp1f9ps/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 52a9a53ffae45970bebb8073dbedce1f568255512a15cd0fff9859a704d0fd5b

GuLoader

Executable exe 4f4ffd4acbf022b50208d546731446d3c5b16380a244dab0261ad0cad8ce02e0

(this sample)

  
Dropped by
MD5 245ac4d2bb80f4bb6ce6db2fdee0219c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 52a9a53ffae45970bebb8073dbedce1f568255512a15cd0fff9859a704d0fd5b

Comments