MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e0a0197eadbdfea56a208c154e22edbd19dd23e429a75a93d5cd05560ce7ff6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e0a0197eadbdfea56a208c154e22edbd19dd23e429a75a93d5cd05560ce7ff6
SHA3-384 hash: f6269cc3f45ad813f7dc12ab7240100e175bc5a1653ef27496ae16410da017540ee0626be8e6776517d97784c36d8729
SHA1 hash: 71075ffa8e5cd10e5cccb37f9e9aca9c3941ab45
MD5 hash: 6ef7c13f0e90447d53460a04575548f0
humanhash: black-low-one-seventeen
File name:IF01200008459518.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 09:07:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a2fdb51d328887d7d6254f81c92ad495 (1 x GuLoader)
ssdeep 1536:MFCAmd41f1V+hBUPzCFBBFHrHocAQQnHhoYpzVj5tF5c8SMTb8q:MXmKf1YEOtFUc56L5PTT
Threatray 737 similar samples on MalwareBazaar
TLSH 70C33A2375D98D95E8590EF21C2399AB2E16AC2165100F1F3A43F79E67332D379BA307
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail0.516.drienimeoni.casa
Sending IP: 159.65.146.65
From: Roger P. Levy <P.Roger@516.drienimeoni.casa>
Subject: Re: Payment Advise IF01200008459518
Attachment: IF01200008459518.zip (contains "IF01200008459518.exe")

GuLoader paylod URL:
https://onedrive.live.com/download?cid=6605275726C6094A&resid=6605275726C6094A%21131&authkey=AD30p2_I98BMXso

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5674/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:37:04 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
06ff22b8f0ffe174b0272b21ed6e0761671398e1c7a3e60dc0f5db55fa156193
GuLoader
25cafcbe57ac5344ade543948fbba1f8a5b99d424af61a7d4e9d806e7c66f79d
GuLoader
3c2fb53051873bdd9f851e47352dd4b303241a0224f458040dd5d06ac242cc7d
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
60201a00a9f96b8efea761e31e3483a7a5bfd04ad66f766b3dd7b24e00664069
GuLoader
63b3643da0804ac1ddc37ae59c80175a0c22d17ee37e7a0c5cfd3a4d20b7c926
GuLoader
70e8b249ce476ea3ff1c233de9eef9b9f1e2ad1da22c1bb3e16acc20eaa0e9a2
GuLoader
b867c39938c7f9800c4a4da862d641a08e2faa3a695c8e41242ff61e767e4cb4
GuLoader
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
GuLoader
+ 727 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-v5349pwhv2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 98b52631c4763ac51ec417c1893f56046a68b131f0c1a66f7cec684b64dcdaf3

GuLoader

Executable exe 8e0a0197eadbdfea56a208c154e22edbd19dd23e429a75a93d5cd05560ce7ff6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368729/
  
Dropped by
MD5 66467e4199fd277939c539f7ba6d1500
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 98b52631c4763ac51ec417c1893f56046a68b131f0c1a66f7cec684b64dcdaf3
Cape
Cape
https://www.capesandbox.com/analysis/5674/

Comments