MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 508f200677afcf864fc716ca89f7c840df97a76c6dbe3d58dabd12afb222f550. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 508f200677afcf864fc716ca89f7c840df97a76c6dbe3d58dabd12afb222f550
SHA3-384 hash: f97c2b28201017f99b942f59329a825a009c6ac31468f26ca6720bcc1f283cd0446125034660c79388a1cc14a1d3f160
SHA1 hash: 633d7b67a336f96e3e484c99f6f2c798d8a3461f
MD5 hash: 93b318fa8d927d598587d8fb9d87d7f2
humanhash: item-ohio-double-violet
File name:BRIDGE BEARINGS -JUBAIL PROJECT.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-01 13:37:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a20f9f5b2f9fa1d6040d16ec51ec8851 (1 x GuLoader)
ssdeep 1536:N4FO8lLUvSdD74h7Bo+ZpOMIGl4llB6LX7ec8tofQ:NhSy7C+uMIGlA+r7ec8tofQ
Threatray 1'143 similar samples on MalwareBazaar
TLSH E1833A17FE0C9912D56046712C67CBAA3F157C0D49826F8F344E6E2BBB317A26C6E21D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: ABD ELHAMEED <info38313@cuinsa.com>,
Subject: PT - 951 ; BRIDGE BEARINGS -JUBAIL PROJECT
Attachment: BRIDGE BEARINGS -JUBAIL PROJECT.cab (contains "BRIDGE BEARINGS -JUBAIL PROJECT.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1sfWp8qt8IqRnCBA0VlZaFqGcDw3hfOiH

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5922/
Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 10:09:47 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kchsabtxv7hymt6hc3fit56iidpzpj3mnw7d2wg2xujk7mrc6via._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
26f2158d9837aa986e3d69b6cb3df0ea039d0434cd504c2911ad9788bbbf7715
GuLoader
448379f1a0a59fa0a84180351e48559c9ed7ea6875cdd525782b714a77a2fff9
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
799d1f1babff3cbb4d32af69d12948ff5de47016063eea48756323516ed96337
GuLoader
7bdb44b6363e3b185573f4c7e08e78201174fd692f18fc2882a95f8ba455bb5e
GuLoader
a0c5ec02160570545c6eb2b81cbff1db49cbce0d90ba6e567b42e1a3e3a7076c
GuLoader
a62d4c1357cebeab47d417a008454aa34651ee9fd7a606f512784fd1a3a65921
GuLoader
bb137c0c0742c9ed929b15effefaf71351c1a021e9c0f573f864eff7433a5218
GuLoader
c42ae355f2541ec7be30e51b1fcb50a1c7d8b0d6afa717dab533369cb5a69011
GuLoader
c5ef77c9b5293774ac7a58fba97cce6a84d3948af08b014a08c155e978c09eef
GuLoader
+ 1'133 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-3968f7mxga/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

cab 86bc0e7ee3391cffb1f3588a61a18052331c4565c938d228b518e8543eb1aa1e

GuLoader

Executable exe 508f200677afcf864fc716ca89f7c840df97a76c6dbe3d58dabd12afb222f550

(this sample)

  
Dropped by
MD5 7ff8cbe1bfdb0e416247ea98efacf506
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5922/
  
Dropped by
SHA256 86bc0e7ee3391cffb1f3588a61a18052331c4565c938d228b518e8543eb1aa1e

Comments