MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60201a00a9f96b8efea761e31e3483a7a5bfd04ad66f766b3dd7b24e00664069. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60201a00a9f96b8efea761e31e3483a7a5bfd04ad66f766b3dd7b24e00664069
SHA3-384 hash: 7b16ad68c9774857b8c5b9d7600aee9bb946ec59f2e021697d3bf7d27b7e0986ca13459cd706af709d1ce840eb6a1474
SHA1 hash: 0f8e3840947f0e71b0ef6aa4738d6d61c9dad9f0
MD5 hash: d29fd66f1d89911686bf374e7d755da2
humanhash: violet-stream-ceiling-happy
File name:WIRE REFERENCE.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:151'552 bytes
First seen:2020-05-27 18:25:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0d954f5c1497e90611e37b18a7fbd0b0 (1 x GuLoader)
ssdeep 1536:kf4RvVSJx3MqGNkK+gvP7+bNPb5KBBkm36brqz0+f90N85gV:jvMINMO+5bOlIWzNfaKgV
Threatray 1'010 similar samples on MalwareBazaar
TLSH 87E38505BED5AC7DD55A2EF16885A8962A1A2C00BF0413EF21D0FB7D72368E17C71B1E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.boellhof.com
Sending IP: 45.95.169.21
From: karla Friede <karla.friede@nvoicepay.com>
Subject: WIRE REFERENCE FOR NVOICEPAY PAYMENT #4321453
Attachment: WIRE REFERENCE.IMG (contains "WIRE REFERENCE.exe")

GuLoader payload URL:
http://185.205.209.166/wext/Rem-Stub23_tkxlq56.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5767/
Detection(s):
SecuriteInfo.com.Heur.PonyStealer.jm0@FaDQe1ni.3864.2169.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 18:37:22 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
remcos
Create hunting rule
guloader
Create hunting rule
Similar samples:
0b8d469babc7b057403a1d7ca0f781c9a675523941cfcc8bb6eae582680746c4
GuLoader
15bd43191828799355d6009ea83dbfedbde843ce346321a6db7eeb61eb687d88
GuLoader
487032be06deec0a6b50c6c0464edb67d50f9bb769ea1527969d4b67b83e8733
GuLoader
91adaeeb7ac7733741a68cc0283a10f64403f64d1378558bae2342bec847f8e5
GuLoader
a01d4a1b86c5cef8726cc8f8c26a93739f10d1f68d101f9d2d94302dc248704e
GuLoader
a32c37dd601a6fcdd6e622b2c928c7ef7935a77a0df9a2dfb9c7774630dd266e
GuLoader
a7d93e9c9bb80f0f8a271ae4a101f305bac535e197697b35f291794fa83ef538
GuLoader
ca1db184290b274c1f78b091bf019926fa258dd8b1f5bb316a55832aec970338
GuLoader
e138622ca793f4a546496b40dcf406a83aa667d16fa2a29879d8282a39d6e7ff
GuLoader
e6e2a0f4f64aa78699c8e7e56f33c391d085e655a8a0579f5fa43c42cd580ca7
GuLoader
+ 1'000 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hamwt393l2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 86c2895e3eaa2f058df03becfc997158aa791a249482f748fc424af137268cfd

GuLoader

Executable exe 60201a00a9f96b8efea761e31e3483a7a5bfd04ad66f766b3dd7b24e00664069

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369580/
  
Dropped by
MD5 a933cb43845713154c56c2c59ee0de16
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 86c2895e3eaa2f058df03becfc997158aa791a249482f748fc424af137268cfd
Cape
Cape
https://www.capesandbox.com/analysis/5767/

Comments