MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e4b858c8b34deac90ecc0bbf4d6480ee0815c7588a192e4ee30eccfc8bda290. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6e4b858c8b34deac90ecc0bbf4d6480ee0815c7588a192e4ee30eccfc8bda290
SHA3-384 hash: f22710b4a2e7249871c667bb5f16379d554d2ea9f5a38b005c0fc7d1dfa0a7e8c7f473a2da55bf535d4478ad05704313
SHA1 hash: 6a1a616220fb9e48613bf0c681de888ce34b5a0a
MD5 hash: 63d7080733fe7e6ae1fc7eaa2df4e1ae
humanhash: triple-india-blossom-robert
File name:file.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 09:11:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4f4be983cd7faf99653a2303055bb390 (1 x GuLoader)
ssdeep 1536:hRBb3hrLTiSxcWY6Tk/Cxa3nCoXvce3u2IxvYEOMX8ponMbS:hRBwyly/HX7EcSnMW
Threatray 457 similar samples on MalwareBazaar
TLSH F2C31B12B8C99CA2EC594FB60C6755EB1E15BC2529240F1B738AFB9D32371C13EB5B06
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm48.hanmail.net
Sending IP: 203.133.180.236
From: Charles Kim(김현철) <seoeun89@hanmail.net>
Subject: 견적요청서 송부의건
Attachment: file.IMG (contains "file.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1K4-CGVEYzdkwxrvRrCnPp6QMsL8Vb8-m

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5680/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:13:32 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
09838078bc786269db65986e324234d647ff0154b07565e59bdf34f5f72d650d
GuLoader
3af2afa3c74278d68dad4e050909855198bc8e2603638effadf38221b6b976ca
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
65aaafb0ff30d74d71b57e4890e42f6cb9dce158b853e336971c7d1a717a07c1
GuLoader
7e7933226a8a988d5ba124e629468d1a4e59ea9fc67a834e8db2cfb03d34af3c
GuLoader
a7a59d86798f2df99df6adaba2c7713a12fe773b73cf3c4c0ec60e5067136630
GuLoader
ae7f733839f6f8e1560db793e5ec36573239f14aee9be57a477a2ec6c433baca
GuLoader
b867c39938c7f9800c4a4da862d641a08e2faa3a695c8e41242ff61e767e4cb4
GuLoader
bd7d25a9958f0455c03a169c21ecba511a0ce5a43d528f8c3fdce782e4b31834
GuLoader
c89df787c82531acf38787d9c159b9fc6bd995cb9402ff8f6bab423363c5497e
GuLoader
+ 447 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-w2ch1ev9bs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img f27d1c9f31285da63264a5f0bce8f20d7bd8051750f27d4c8681edd9e4f1d41e

GuLoader

Executable exe 6e4b858c8b34deac90ecc0bbf4d6480ee0815c7588a192e4ee30eccfc8bda290

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367841/
  
Dropped by
MD5 029d5e79f8db6d312cc3cd30aa011f56
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f27d1c9f31285da63264a5f0bce8f20d7bd8051750f27d4c8681edd9e4f1d41e
Cape
Cape
https://www.capesandbox.com/analysis/5680/

Comments