MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81462d560b4bf3660bc4eb2c57b827c7e09dea12f4d590ed05880c3d0fc560cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 81462d560b4bf3660bc4eb2c57b827c7e09dea12f4d590ed05880c3d0fc560cb
SHA3-384 hash: e8ff4d752354dc804ade5b443233852e4a35338d2145c02b4a00d3e65892d48d25529d3ab013497473d293735acfd857
SHA1 hash: 8f7f4ec855d3acc01c026a9328395baeae283fb3
MD5 hash: d7baffd94d4902e399798a55e2d91a4a
humanhash: jersey-april-tango-texas
File name:DEMODULAT.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-26 07:19:52 UTC
Last seen:2020-05-26 08:15:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash eb533453663ff41f9ee1b62d689404fd (1 x GuLoader)
ssdeep 768:ZFXJtcd4YLODJNLMMIo11RuGWdsgfuhSY4ackyB2KT/E1/kVoxkWQ0Ei:ZTtV6MIo11Una34ac7B2KLE1KoxtxF
Threatray 424 similar samples on MalwareBazaar
TLSH E0A30AA167E4ADFAE9B60FB218305650481BFC630C53DA0B20C6756E1C77E4A97B173E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: cad.hagyz.com
Sending IP: 165.227.38.96
From: Reshina Jithesh <reshina.jithesh1@suez-oilandgas.com>
Reply-To: reshinajithesh.suezoilandgas@protonmail.com
Subject: Enquiry: E-U2230-009-RFQ for Air Coolers (ACHE) // L & T Sonatrach Algeria Project // KOREA HEAT EXCHANGERS
Attachment: E-U2230-009-RFQ for Air Coolers ACHE BID DOCUMENTS.img (contains "DEMODULAT.exe")

GuLoader payload URL:
http://zed2020.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_LbSiaCt213.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5598/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMCZ.15742.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 03:08:40 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
389f012cb41a7504746d8e5f2dd76ba69b69e7d0e395f34ab629be72e09c1187
GuLoader
39e4366de58f4ac1d43bd7deaabb516694317397dd1f447d8f19623123083c61
GuLoader
7c58672f646a85dd65ae2c5d44fdcfb899584a9a27650418a06ecc495cdf7a86
GuLoader
903e3182b86482ee5d72a3d067be340cd1098d486a795adbc47545ddd7b72526
GuLoader
a430a55dda341e88b1098cc062a7b768eebfe86161d2b7ec352cbe0d79a23b89
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
bdd5a26a1e63c3c60b9fa021dc6445a1a66d1680cfdf489c403645bb09b1e4af
GuLoader
c7387e5e05f3c282a27e268486f4bf7d6cb6c807a59f650c0f5fd798c5b1cdd6
GuLoader
c8d847101f95eee0e08b4cc4163fa12078698bc5ffef569a9d5d1b49dcbe6d32
GuLoader
f0f7c7b28fe0b5fb53e8290155ea85336b409d919d9d13db4505ac70dbaaf6c1
GuLoader
+ 414 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-bwgf7neh72/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 7e23be52a023bfdb6aa5164893b06e47f51e03f4b50e22010f923334c45417b4

GuLoader

Executable exe 81462d560b4bf3660bc4eb2c57b827c7e09dea12f4d590ed05880c3d0fc560cb

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368680/
  
Dropped by
MD5 7a1cc7c4a36e7401114b9a6bc02aeb99
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 7e23be52a023bfdb6aa5164893b06e47f51e03f4b50e22010f923334c45417b4
Cape
Cape
https://www.capesandbox.com/analysis/5598/

Comments