MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 753233a9add39ae1d7c975828f77000c63d2ab206ddbc52adc36cfd6f8ec8f7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 753233a9add39ae1d7c975828f77000c63d2ab206ddbc52adc36cfd6f8ec8f7d
SHA3-384 hash: 9422539eb6498e7a88abe2bbcb5c75c80710150c7600ff0ce47578557da924419a4a4a123ae4b8b41d3e64b657a72c2f
SHA1 hash: 278d1cbb1a8c585e48b04c227f621dc0725eff95
MD5 hash: 903a6ee9d88e0ee6bfd7177687e7ec56
humanhash: table-butter-india-beryllium
File name:YANCHENG.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:61'440 bytes
First seen:2020-06-03 13:32:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 14ff8ebc7776959b41b5094d545d6a02 (3 x GuLoader)
ssdeep 384:i6I1RP6ZrGkKhXwYAsGLZxu3P2or12E30mtzoYccTVVjdY2fE9:ivPUrSAsGLv8PPr1vhoYccPq28
Threatray 591 similar samples on MalwareBazaar
TLSH 1B53F8337BA88463D99E46B24E62CBD11E7BFC7549A84A132D477B9E3D71780AC2C305
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: Rex Huang <rex-huang@yuntong-batt.co>
Subject: RE: NEW REQUIREMENTS PUR-01355
Attachment: YANCHENG.rar (contains "YANCHENG.exe")

GuLoader payload URL:
http://111.90.148.217/eva_ZjBvUrSwjL14.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6336/
Gathering data
Threat name:
Win32.Trojan.Malrep
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:37:40 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ouzdhknn2onodv6jowbi65yabrr5fkzanxn4kkw4g3h5n6hmr56q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
37a3468d527e22a4cdd0c1e8717a5bca60db2cd8aaace1a4d25b65eeccd8079c
GuLoader
619bf3fd6586a7cc84f1c3bb1a8a9813513895c10622e74d1f1bd2a37f2fb041
GuLoader
64f9f1bc127c111ad02307ddc1ff43b2f9c14eb2104348a0d2bdc86d1b82580c
GuLoader
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
GuLoader
7d3cb63259a52aa1c69dc8fbe9145dd5e812de1675ba87d31de40f0efaab0574
GuLoader
8fac7f5a497d4b313250507c1939fab835e49b75f532dea338231747784588da
GuLoader
96ffe97ffd555e8f1329ba24b40cba5320d5bc1ef51fb0155b9dea55bf842487
GuLoader
a0c5ec02160570545c6eb2b81cbff1db49cbce0d90ba6e567b42e1a3e3a7076c
GuLoader
c804f5f16c0a482839a2b519a7f7d5183d9b3e12bdcce8bc36d7463294668c25
GuLoader
ff152184b78d56ab5dd08bf749cc8d1b77209652b34fa2a6dbc77cd087b763a2
GuLoader
+ 581 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-jm9n6jpzps/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 3b2509bbffd56f1a955319763bfc4e4ff4e1066629023cf19af9af1d593ff470

GuLoader

Executable exe 753233a9add39ae1d7c975828f77000c63d2ab206ddbc52adc36cfd6f8ec8f7d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376024/
  
Dropped by
MD5 17d9ed40e1b4f56856e6a03a3ef34d92
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 3b2509bbffd56f1a955319763bfc4e4ff4e1066629023cf19af9af1d593ff470
Cape
Cape
https://www.capesandbox.com/analysis/6336/

Comments