MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90e4736e48846a554c0438083177e6b7f1753450d32b80497c5e3d93d1344849. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 90e4736e48846a554c0438083177e6b7f1753450d32b80497c5e3d93d1344849
SHA3-384 hash: d5587506fadc5afe5e5dd8dd0805ce6a30bd4f391e66fc30034a9ae43abdb08edfbb9f06ddee0f794286bc4843c13a1e
SHA1 hash: aa55e99d969baee693176cd416d08fb88880348d
MD5 hash: a3fe75d49fcb5329a0d081278bd9940e
humanhash: nevada-kansas-speaker-item
File name:890660021.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 09:21:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1a11bf69869cfe92bda9bd4409ac1bd1 (1 x GuLoader)
ssdeep 768:6YmYVe6PxnyybvwytAwfPQ/FbYbBzPtIhKHyCJpjidK6Mt53L/YfvD2kfYEct:JmYcinTtAB/dYbJPtTS0F6yL/Sut
Threatray 577 similar samples on MalwareBazaar
TLSH 26B3E82B75D5ADB3DC364FF14DB195702C26BC7018018F177C0EBBADA5BA28D29A9306
Reporter abuse_ch
Tags:exe geo GuLoader SRB


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mxload.webglobe.sk
Sending IP: 212.57.32.37
From: Radmila Šoškić <esivakova@mlproduktion.sk>
Subject: Поръчајте 4890660021
Attachment: 890660021.arj (contains "890660021.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1D1GdO27aQr62g77-u4jGszUIYKy-3OMP

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4984/
Detection(s):
Win.Malware.Guloader-7900546-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:37:06 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0a6caea4ce7bf55029e1f01895a6c653fb2c5166f76dafcf94956dd8915e4eab
GuLoader
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
270b7f2dfa665133fe2d57069e4654b4065d5d919e4b881ab28ec215273bf767
GuLoader
28de8f6722499072f48c519ac1b2f318f56f1a800fb3db515d0700d5f4b1db50
GuLoader
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
GuLoader
4e14841c96a09f5850d1cf5fcb3526714c22d7174e3f75c8a309d8db36ecef93
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 567 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-gyk1gvesmn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 2953239de08a7b9e19da7663dc0409deaee24fd71c94ec7e861e390333764540

GuLoader

Executable exe 90e4736e48846a554c0438083177e6b7f1753450d32b80497c5e3d93d1344849

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368755/
  
Dropped by
MD5 9ce255a44296c2608d99b47e60316a8f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 2953239de08a7b9e19da7663dc0409deaee24fd71c94ec7e861e390333764540
Cape
Cape
https://www.capesandbox.com/analysis/4984/

Comments