MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 80e21d81ac45f491b022b9b17224e4fb4c8bc034282ff3a6836b8273dc02afba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 80e21d81ac45f491b022b9b17224e4fb4c8bc034282ff3a6836b8273dc02afba
SHA3-384 hash: 13423e5b84f154e9fe252ebdd31920e07133baa593e90163a16ba6b0b09e988c98ab80d3bfbc93e2dbe7617fa2a49ba3
SHA1 hash: 682fa32b196c617023ee4ba8e1a96855e2789a0d
MD5 hash: 1b4a888ca524d3a71f5ff7f8577cd522
humanhash: king-stairway-idaho-spring
File name:UYPO20200527.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 16:46:02 UTC
Last seen:2020-05-27 17:49:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1690ed4fc389277a692d630b03b609ce (2 x GuLoader)
ssdeep 1536:cxiGpkLpIuRIG1Zedgyohld1uavD+WPDkIECJIjbS+oArh:cxiakLp1j8b3oAd
Threatray 264 similar samples on MalwareBazaar
TLSH EEB30B0B75809C72EC248FB29972A5612D32AC35AD104F577645B76E7933BCE2DA032F
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm43.hanmail.net
Sending IP: 203.133.180.231
From: 이재호 <hdtreng2006@hanmail.net>
Subject: 요청자료목록
Attachment: 20200527.img (contains "UYPO20200527.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1_Wr9XlwvHIPpr96WNN2zSDfkf__SwqFU

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5725/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33911445.24854.28795.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 03:42:52 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1b161b9398f1f28f73c9bfaa6b536cc8bd49d1de076d78404f9a1fe181ec02b7
GuLoader
1d452b5f3e5d2b6623d0ca35793dfc051e1bf8b237e360906ed055e819235604
GuLoader
1ede635c9e8e470e911dc46b40300cd2e794703cedd0f5487d9677244864741f
GuLoader
1f93e9ec506b2df6670b01905f5c42e05d7c2b4dbf44e37d82ee8050528d961d
GuLoader
67aa5b86db90b286266d57324824825453a9db72b15414ee064dbf01085d00b4
GuLoader
8780cfbde0db4996b68e320d9d2576f39a2d7f99a8ed60ba0c4e543f17801bd9
GuLoader
9809e7b9ac68c6e45309bbaa600829cb8ff32a48002ca799aaa8005f7e21f262
GuLoader
a58514d885d493ebb627f107f0a3ded181311e153038fdc1626323bbea512f47
GuLoader
ba4b1ece1f0d42d229946e79fda474ea6d417b7f597bcea4199e0f2d0baea666
GuLoader
e031beb4c230faf0d895f0d40e5063d56c41d11cf6208a531a35176cd76e3a41
GuLoader
+ 254 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-a9kycn1r3e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img a313b0ecf7eabda350bffe908dc0460b12157fe341ea4bf7ffe2a235e9c8d824

GuLoader

Executable exe 80e21d81ac45f491b022b9b17224e4fb4c8bc034282ff3a6836b8273dc02afba

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369910/
  
Dropped by
MD5 bca194adc7f0d4e5df12b218134f3b24
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a313b0ecf7eabda350bffe908dc0460b12157fe341ea4bf7ffe2a235e9c8d824
Cape
Cape
https://www.capesandbox.com/analysis/5725/

Comments