MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
SHA3-384 hash: 2f30f278f77c1315340fa09e081ae349e82edaff61da60aed1c07d4dbb2cec25e6f1dc654127a38531a61e5d0e2c539c
SHA1 hash: 06290c024afdf74c6cfc2980d3035e58e374123b
MD5 hash: 353b009f97180790a93f799d93e386a7
humanhash: september-fillet-magnesium-mirror
File name:Quote.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 05:58:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash cb8364532b0f49a345e374ad132e3d64 (1 x GuLoader)
ssdeep 1536:nASPfxV40ZVXNHzVR77kgrKHxLdGKc+o0FDHdZ1gInZjrB+00gSmRbQ+:pPXT9HXKVdhjFD9zj2+R
Threatray 5'087 similar samples on MalwareBazaar
TLSH D8B37C03EC4D8693D1444BBD3D578EB93A1CB95D49002FEF7139AD9BAD712822C9B21E
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm44.hanmail.net
Sending IP: 203.133.180.232
From: 조석현 <sukhyun94-75@hanmail.net>
Subject: [긴급] 견적 요청의 건 _ 해성테크
Attachment: Quote.iso (contains "Quote.exe")

GuLoader payload URL:
http://bosar1759.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/NWATA_oJCLitM62.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6440/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 01:10:00 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=l2sggjb3aujvdqqzi2krl643hhibyxb4j5djrplbmtrwa4dcfu2q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
00983a8176276beea115d21fef7919c49b29b96d78dbc2151cc04cc7d8c95b35
GuLoader
035c2fa5d912202dd34e8410b14a42b0db007c2be8ed819bbc444f9818497f5b
GuLoader
08fd08ac92e87f077dfa77ab5cbe48dccb7ffc87cd338a6451b884d42fa6306b
GuLoader
0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d
GuLoader
172842029f8937753e79843e36fcb4715c0f3a9de4b256585847df48caf8e10f
GuLoader
228e2e5ff30fec5cdde918f48e98664d9bf1f77f550666baa21208ca9b047af4
GuLoader
347aa505ad319b4d8ee54aabe34dfc2af12b4747af23c6b635821ba9aedd0e32
GuLoader
3e98d7f59e495ddfa5140a50f70347bb4a56296ca2dcb6602f65ebb4e4a0373b
GuLoader
3f86f49f3c2e3583c70385971bdba545c85d8f2d66f8923bf446dde88be3afc0
GuLoader
620e100a8454a1fe2978e299f7b591c07589bf257bd2b1913c3b7ad601699e4b
GuLoader
+ 5'077 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-jw7zkwjvq6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso b30044e40a5e904f454564d7cb9667e8c48858a48e60d6f5189339d82228d5a8

GuLoader

Executable exe 5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378993/
  
Dropped by
MD5 64ec0658d547ba81519646ae7084b4a7
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b30044e40a5e904f454564d7cb9667e8c48858a48e60d6f5189339d82228d5a8
Cape
Cape
https://www.capesandbox.com/analysis/6440/

Comments