MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6bb00f89a53da0f161e6f2872b315221fdabc16975afedb7364685263487bd1c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6bb00f89a53da0f161e6f2872b315221fdabc16975afedb7364685263487bd1c
SHA3-384 hash: c7bbaa8e3e1f0d91a796d37333007009e66cbc694e5ace38da02ca48c59104a3e704696a47af7e65c8294655b644719c
SHA1 hash: 7810fc7a865bee5e3bd00fbae85a04d5c84523ed
MD5 hash: 96e109d6c615f3875163f6788e52c99a
humanhash: mountain-nine-low-september
File name:XPE-S007-LT-002_SPARE PART LIST.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-25 13:31:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash de7878502904f12fe19468272c43c4f2 (1 x GuLoader)
ssdeep 1536:fBf4LObbVDWq5ehxLvSXSd+lMdSeJBNX:JyOlaqkvSY+lV6
Threatray 5'185 similar samples on MalwareBazaar
TLSH 28B3C59377D4ACD2EC120EB10CD169A48D2ABD2A4EA16F07384EB74E167B1C51BF13B5
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm51.hanmail.net
Sending IP: 203.133.180.239
From: 이태수 대리 <kate122094@hanmail.net>
Subject: FW: [XPLE PJ] Project RFQ/ Spare parts list [예산견적]
Attachment: XPE-S007-LT-002_SPARE PART LIST.ISO (contains "XPE-S007-LT-002_SPARE PART LIST.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1FaIrcjvh13I-GykLsBIbuVk9NXRIJfyH

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5562/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 05:43:28 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
GuLoader
3c2fb53051873bdd9f851e47352dd4b303241a0224f458040dd5d06ac242cc7d
GuLoader
3e84acdb102f2437d07c3a28a7d06be9c322ce0840a2627bbddf01d49d337bfe
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
83968322ee41293c915a37779c384b39d1a0429303ed831291da984e7ff6877f
GuLoader
93be0ad3d1ed15ca1f261a5a21ed71098bc299727ba8e17255612d429dbd9f8a
GuLoader
c0e1210ec3e11a5d71cdbf2edfb199539f891a1bdb27ccd97eaf0fb70891c615
GuLoader
c3252ba30dcb997aba042c568bee0ccbca5a818248dae999161a5a26ef7f301f
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
+ 5'175 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-wbxlmed49e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso d839626491cde3ebff8041628557461a57b5fee35ded0a1140ee7daeebe310f4

GuLoader

Executable exe 6bb00f89a53da0f161e6f2872b315221fdabc16975afedb7364685263487bd1c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367850/
  
Dropped by
MD5 df1f6622546b31e93f4d74eca166a101
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d839626491cde3ebff8041628557461a57b5fee35ded0a1140ee7daeebe310f4
Cape
Cape
https://www.capesandbox.com/analysis/5562/

Comments