MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7754406e305f40d2a17def7c7d64ed01e3911f18368e36e64b90af21c48a91c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7754406e305f40d2a17def7c7d64ed01e3911f18368e36e64b90af21c48a91c4
SHA3-384 hash: 3752df8e2f2fe0d1a1cd6391ea51e1f42c403e1b323f583f350ffadeaeeded059e0ff2c395be530b3c3cf5f2954a7406
SHA1 hash: 691d484f0305fe4e83d27941c60b81c7dbd03a5a
MD5 hash: c1a0fc307a8541e745ac14e5592e9961
humanhash: virginia-robert-butter-foxtrot
File name:NEROICMART.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-26 07:19:24 UTC
Last seen:2020-05-26 08:15:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 38639a09700ac1e6c4a4768d0bae1c22 (1 x GuLoader)
ssdeep 1536:T0C/eUGzJXW1UzcNAFfRgUPwD8//DT37nIr:BtGz2U46FfRgUPq8//LnG
Threatray 1'121 similar samples on MalwareBazaar
TLSH 98A32AA0AEE87DF5F6B14FF15C359210C823BC620D228E0F60D6764E5C3796697B2726
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: newspamfilter1.mailnara.co.kr
Sending IP: 121.189.61.170
From: WANG GUIFA <info@mon.hagyz.com>
Subject: [MFC Project] PO(Purchase Order) Project materials, machinery and equipment
Attachment: PO-2020-002-MFC-Project materials, equipments, machine Devices.img1.2 MB.img (contains "NEROICMART.exe")

GuLoader payload URL:
http://iloims.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_iidvdmM144.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5596/
Detection(s):
SecuriteInfo.com.Trojan.Heur.VP2.gm0@aONobMpi.18740.9834.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 08:44:34 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
20a6cb528c226cb7076f9bdcac76a942b32af0baa48df8aeae65aeb20380c2d5
GuLoader
4100f196d5289b085ea167afbec9aadbb5105bf46e48b5402f583db123878f96
GuLoader
4c085d783c734f76e23572661c1692d7b2e4ad30dab5f6c108669d4141f97c99
GuLoader
5c86fcf32d1f15a745dd2f39989630ac310d1aee52af7b5f762f75f8855879ab
GuLoader
60c2a6a0bc12f4b6fd4ecb473d5de3d9de561ee3125055dbbf2d8ff12bb83f60
GuLoader
700f698c42bd0c706c968e420ac3f60c70e4cd714318b61bb3118c564f9e2f3d
GuLoader
baeafce74cc8a5c40bd2b6ba2e38312834e48f23f655cfae1d1ae8e78e375b84
GuLoader
bc7549c1281f3ce45abcaad7408522374c97421e9031998b7959bd5e59b27a93
GuLoader
d725785ec3970b75ecb17a7e5ac14d93ce7a54d259dffc74e8222ed8cfb8b6b3
GuLoader
+ 1'111 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-m9h62pzr2e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img f76049620ecf0ba2184b3b48945879be2961ea83865c3e4d75f0da89966a5066

GuLoader

Executable exe 7754406e305f40d2a17def7c7d64ed01e3911f18368e36e64b90af21c48a91c4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368699/
  
Dropped by
MD5 88cb61d18b6d61828328b39f59bfb3e6
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f76049620ecf0ba2184b3b48945879be2961ea83865c3e4d75f0da89966a5066
Cape
Cape
https://www.capesandbox.com/analysis/5596/

Comments