MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
SHA3-384 hash: 40d26c1e1ebd3d10013a516c4c6baa357ebcc0d1f2b424ab7d81db43c17d4119864e7e5de8df6e91a55e90987f77a32b
SHA1 hash: 2d07564abc35f128acac4fdadd69458828babc3b
MD5 hash: f304f7fa5eddfd0d457a7e73976b8691
humanhash: music-muppet-island-georgia
File name:gunzipped
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-02 11:12:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b8ff5a475ecbd934f586d2a77f26f061 (1 x GuLoader)
ssdeep 768:1LRhc7416N8lBR2z+afVbpulTTgIYLBjHFSV5ZuL+0Z5nw72UP5SVdR:1RFO8lL/iVbmFmBjuZh0Z5nFU4
Threatray 6'043 similar samples on MalwareBazaar
TLSH 09735C176E08CA12D5B046705C67C76E2F1ABC0C4A825E4F744E6EA7FB327B12C9D25D
Reporter abuse_ch
Tags:GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.cesosenintl.ml
Sending IP: 64.188.23.5
From: Thaw Wai Mun <wmthaw@oldtown.com.my>
Subject: KDE - PO2006-0001
Attachment: KDE - PO2006-0001.gz (contains "gunzipped")

GuLoader payload URL:
https://secure.drivebookers.com/kali_UfquusEKt204.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6068/
Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 16:52:00 UTC
AV detection:
14 of 31 (45.16%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mychha2h3yy2z6gaiv2q7cpd7dq36v7csad5xqh5pyq7wtl6tkrq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
GuLoader
65d993ca9f1fffaa634838468d8f9401f7f2812aa75065e9805447db5b667720
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
93d64ba68ed0dc9c138a80d867806691f14c10c3a98522c7fbe1a442b3f50f1a
GuLoader
96ffe97ffd555e8f1329ba24b40cba5320d5bc1ef51fb0155b9dea55bf842487
GuLoader
a7cfc6a8e508a244063a4190921f1c91e30712838282fb20b8bcdb24b138bb9e
GuLoader
cbd23ab3964e6425f0068a39d6f15dd86708c1bd091912e9229c1840e75ec70d
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
ebe7e1de6e345ed9445e0d8a11241d13cb92a7df15fc5f05a6c5d6bbf9d3244b
GuLoader
+ 6'033 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-pd3e8txxlx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz bafc9456259ead81a34dac9040368daa14737bd335acf7eda5b60e07d9f1c6b4

GuLoader

Executable exe 6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374162/
  
Dropped by
MD5 12c5f38224936d862399661eb0c47ad4
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 bafc9456259ead81a34dac9040368daa14737bd335acf7eda5b60e07d9f1c6b4
Cape
Cape
https://www.capesandbox.com/analysis/6068/

Comments