MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64ed853709b8b3070163500aa33f199d3cacff5fafba4c895a9c9f85a664da40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 64ed853709b8b3070163500aa33f199d3cacff5fafba4c895a9c9f85a664da40
SHA3-384 hash: ab7ee554c1213cf8a7e03763f167038c10660db795226e36fdb5a14aa3a356f88dc4f2ad517667063ad686070fe95a3f
SHA1 hash: 781a592849f840ec4d2bdf1251e709fb659e8cfa
MD5 hash: 3da2174245fec68180f34307c0ec88db
humanhash: emma-cardinal-timing-mars
File name:gunzipped
Download: download sample
Signature GuLoader
Create hunting rule
File size:49'152 bytes
First seen:2020-05-27 17:38:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 44920d299739d1b8c99bcf88da94104d (3 x GuLoader)
ssdeep 768:jz4RqD19mz1WgyGHtdmge/3orz3uAZwd0hBdDUH3JKZG:v4S19mzXyG1e3DAe0h/DU300
Threatray 716 similar samples on MalwareBazaar
TLSH 2023E727E57B8812ED214E73D922BF6C192A7D10D885BF0AE1447B5E4E30B4677B312E
Reporter abuse_ch
Tags:geo GuLoader ROU


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: clean309.mxserver.ro
Sending IP: 92.114.95.64
From: Albert González <agonzalez@circutor.com>
Subject: Cita urgente para un proyecto offshore Junio ​​2020 Ref # HLM39299
Attachment: Urgent Quotation for an offshore project June 2020 RefHLM39299.gz (contains "gunzipped")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1-0tIvfR8LCrvP4djjjnTfDN2ysbRmQSF

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5069/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 01:19:49 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
00d1510ab154eb7e4b09ee4ac915fab0577c5b516fd99375b19eab8eaebac4ec
GuLoader
17f3bf4906bf3bd91c966b52c6257c5fa05c3685199e39f17767b410c568b1bd
GuLoader
58faef99e4fcfd4f1b48907d4dcc145c0aa1013e43d938abd7a164ff46104975
GuLoader
7522e963fbeadde98b1486f0d8d2d1a15011812b06d06f1a5bc21caee6876e71
GuLoader
9ba9dbccef86d6630e4db6c7538eb4043232c7f234c1377eacdaa6543d2b8af3
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c43ac92a424c154cc3dfa3a7558dc3040ed5feedd24a89471b93fbe8f27bf66b
GuLoader
d18ed67b05d0bbd6dfaba77a6053c92674bfef8abc8c7aae7c17f703adc6ea5c
GuLoader
e09c2eb3f06cc722f1035d501755645c3feb569441f465ae3ba69aa4aba6ffa1
GuLoader
e28da88ff0d294d8f4bc7cacae31814a43026ddac38a554ef697e703122e46c5
GuLoader
+ 706 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-2naz59rvnj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz a2ac2ba3488bf9e0d888ddbb96c5764920e5731976b6db20f92218acfee8b77c

GuLoader

Executable exe 64ed853709b8b3070163500aa33f199d3cacff5fafba4c895a9c9f85a664da40

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369939/
  
Dropped by
MD5 331adbbabba218fb026df0bd66bdcd63
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a2ac2ba3488bf9e0d888ddbb96c5764920e5731976b6db20f92218acfee8b77c
Cape
Cape
https://www.capesandbox.com/analysis/5069/

Comments