MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59b0be610123d4bcb4e6dc0a75a4ea3cd807b5037596711d9e263578a86f6384. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 59b0be610123d4bcb4e6dc0a75a4ea3cd807b5037596711d9e263578a86f6384
SHA3-384 hash: 5d29bcc3b0da5133cea40852883f1b45b4671f20eddde6922a47fb44ebd1b9e3b77a2292d381c0ba284624530faf3348
SHA1 hash: e8b645b7b61ee74a39ee4ac5a98929eeff2aa15e
MD5 hash: b3a75c336ee6c06b31a089ff6cddadc2
humanhash: london-march-undress-stream
File name:JUMPSUIT.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-04 06:04:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2e21a3440b9106587829087b2ea6d6c0 (1 x GuLoader)
ssdeep 1536:oFO8lLcGthSNWy2Gd2BN+9Jl9lAB6LLPGAT5gL3:xGt+WydcWJlDH3PGAT5gL3
Threatray 1'029 similar samples on MalwareBazaar
TLSH 24835B17EE489A12E56187701C87CBBA2F16BC0C59861F4F354E7E6BBB313621C6D20E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: ardeshir.r1host.com
Sending IP: 185.187.51.3
From: H.O.D <miturra@frutexsa.com>
Subject: PRICE LIST/REVISED PCC OFFER 13430403191037 R1 FOR Inquiry no. 505/2020
Attachment: Documents.RAR (contains "JUMPSUIT.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1tsTQRLociE3GjnaVy6plZ1LWlGi3QARi

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6481/
Detection(s):
Win.Downloader.NetWire-7993103-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 14:40:00 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lgyl4yibepklznhg3qfhljhkhtmapnidowlhchm6ey2xrkdpmoca._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
GuLoader
6715e87f7070a2d7b5b2c71e98a7bade689a504aed3b95654af3494248a501d4
GuLoader
93dc44981a771519cbdf592c8391ada5234cd2f6c19fc0bb4b3233867db9a345
GuLoader
9daa8e87928b88143b9482b989764524754c86d142027ccaad1fc452f52c1765
GuLoader
b5f6c2a230e8c24dd4859e076e8802d5785c6af1056388a3bb660d091c1437ac
GuLoader
c8e91120db97c2cc33d799fb33cefcb6e199cb68c824500f22ec8fc1736a90b4
GuLoader
c98091ed44cd76e438ce2e7a9c71b57d37ff45903d365162040af94fa143b9f5
GuLoader
dbf51889fb95ed46a824128ef165335d4662021bd8974f850e168478b77fe3cc
GuLoader
efecbafe7ddfe1306dac292dbd23be0caf62c5423a4c7a91086b0ca194a5e3ed
GuLoader
+ 1'019 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-qjrfwx6bqx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 159079611f4b0b2fbbe04b6ad04853c0b5f1623c3ed716b1d9e78bdc6f7e1f98

GuLoader

Executable exe 59b0be610123d4bcb4e6dc0a75a4ea3cd807b5037596711d9e263578a86f6384

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374275/
  
Dropped by
MD5 7ef350d37729c976b144e25ef2337898
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 159079611f4b0b2fbbe04b6ad04853c0b5f1623c3ed716b1d9e78bdc6f7e1f98
Cape
Cape
https://www.capesandbox.com/analysis/6481/

Comments