MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
SHA3-384 hash: 2e5f8762c2a9b467f6e1bb7b46028e100f83181eca48707e499df5688b5e997943d8bcbea1641dde8027922edc3c8055
SHA1 hash: c657360cd0220ef6fb5ad565459d9b4396f621a1
MD5 hash: 9058b127ec2d371577269f8d87e432a9
humanhash: muppet-purple-yellow-butter
File name:PO#W908.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 09:18:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6eccd32ba98d5d2a5825a1ee511c8fd5 (1 x GuLoader)
ssdeep 1536:xy9HRpP5Ip12coJqr/B0RM2AHUFHFnVht5A8TY7by:0jqoE/23v5W7m
Threatray 140 similar samples on MalwareBazaar
TLSH 93C31A27B4DC8C81D8184EB05C6799972E26AD3179140F173656F7EC2A722CA7EF0B1A
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.cherters.net
Sending IP: 45.95.168.241
From: sales02@cherters.net
Subject: PO_W908
Attachment: PO_W908.zip (contains "PO#W908.com")

GuLoader payload URL:
https://conveyancing.pro/wp-admin/js/widget/w_ABcIvP36.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4983/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:41:07 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1da069d39e2e88c624698760567c4019ca2de990b05c429be843355a0531b51a
GuLoader
28dfc81c0660d22a889fa79cf30b0698e1f4c78a6693c277931868b67b29646e
GuLoader
2b44eaee1eb9f472580e06b30bc5eba6f513905abe768229ba6290bd1e4da1a5
GuLoader
6327c2d28925dd4680b13585501e34181fc4beefaeb08040d1c10fc91a16f0a3
GuLoader
8d6e4671da660a178432514e56aaf7445ea4f03a60f20cc9b6d29826ab435975
GuLoader
b092a330b736b90c25196d0784455f5d605aae83dca16f8569451236204d0976
GuLoader
b4e68cc1125476baac15e128b8e5daacbe857a05c525da252348ba0844ecca83
GuLoader
b5e4950f8979f18ad063f3df3fb483aa88273271254201dbc0e5241b7713edc2
GuLoader
dcafd8ba263cf7e448be257a8d25c968a0060908f93f9d02a068bb0dd482879f
GuLoader
e661bc38b20992b846232fd3d6cbe914bb46ae68b39ce7e7a348be2ba5261851
GuLoader
+ 130 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-jh8z9dln42/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip caa69bf1058a4add2c0a2e23ac5ba4b89089e00089ae6823ec7a8aa6e08317b5

GuLoader

Executable exe 50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368725/
  
Dropped by
MD5 c5fa1f29ef2bf1f61aed599e03949919
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 caa69bf1058a4add2c0a2e23ac5ba4b89089e00089ae6823ec7a8aa6e08317b5
Cape
Cape
https://www.capesandbox.com/analysis/4983/

Comments