MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d74a45140396715c309ac076839d0abf83ad6e55a4c8fa6cdf6e9cb4dec8cf6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	9d74a45140396715c309ac076839d0abf83ad6e55a4c8fa6cdf6e9cb4dec8cf6
SHA3-384 hash:	41a349b38c8c68b56aadffae31700bd78b5daebeebafc4f628eb65a69d14e319021bf968ab10fc2eb74f38e24e3dbbae
SHA1 hash:	3fb74c6d2c829e32a8b49708ab59ff7fd19e7294
MD5 hash:	56d525e4b293b53a37915917b4fe23f7
humanhash:	blossom-football-solar-seven
File name:	DOOYOUN CORPORATION Emergency Production Request.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	94'208 bytes
First seen:	2020-05-27 15:58:01 UTC
Last seen:	2020-05-27 16:51:02 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	4d9c043ee9c6f64ada916b54dbd959fe (1 x GuLoader)
ssdeep	768:caKFPS8YpWttb9X+5UR2AJAweAjFiYBAkGLdbmShtOXepQIt044xOCVZ0H9:hqPWpq9uKJfWddSOpQIt0uyE
Threatray	5'116 similar samples on MalwareBazaar
TLSH	77932A13B8790DA1E80241B0CCA2D3EF16D77D215D565F0FB6C83A6D68BA6862CF531E
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: mail.richermoren.gq
Sending IP: 64.52.172.142
From: Jaeho Lee <reshina.jithesh@suez-oilandgas.com>
Reply-To: casmirfatih@gmail.com
Subject: DOOYOUN CORPORATION Emergency Production Request
Attachment: DOOYOUN CORPORATION Emergency Production Request.img (contains "DOOYOUN CORPORATION Emergency Production Request.exe")

GuLoader payload URL:
http://izpanelone.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_LtTlZ208.bin

Intelligence

File Origin

# of uploads :

2

# of downloads :

79

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/5714/

Detection(s):

SecuriteInfo.com.Trojan.Siggen9.50086.2908.25364.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2020-05-27 13:31:54 UTC

File Type:

PE (Exe)

Extracted files:

6

AV detection:

26 of 31 (83.87%)

Threat level:

2/5

Verdict:

malicious

Label(s):

guloader

Similar samples:

08fd08ac92e87f077dfa77ab5cbe48dccb7ffc87cd338a6451b884d42fa6306b

0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d

1621dac1140afd3e3eed4b0f4ab0a93e81cd56c76e7532a0cc03d0b5a8dae04d

3e98d7f59e495ddfa5140a50f70347bb4a56296ca2dcb6602f65ebb4e4a0373b

5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35

6f827b68129d30609057c2e6b36be05649fce91d6bc8ee3d3566ca5c6aba562b

9b2c6f08cd9a4e3b144422de4d540290542ce50239f2c85697a036a461b25264

9da0df6eb709cee7468a850c0b59914ca84eeace25bea74ed6d393e0e5e84737

d3664113994262962936ebe74d0355986970def0cd0bcdcf088fe102047df9ba

e6bdca558fb485e6ac7295d20f868902f2b790bc147fb3ab1e3a6628280d40f3

+ 5'106 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-sy55feylxj/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

img 58111c511d6314009903fd52e95aa2f531acbb7886e0c0342914837dbf0d3f86

exe 9d74a45140396715c309ac076839d0abf83ad6e55a4c8fa6cdf6e9cb4dec8cf6

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/369901/

Dropped by

MD5 61c423a3de2ed7bdbd89d74716564aa1

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 58111c511d6314009903fd52e95aa2f531acbb7886e0c0342914837dbf0d3f86

Cape

Cape

https://www.capesandbox.com/analysis/5714/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample