MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a020b1d430a80a59b4578da28132bb4354c44d62095078d8aaa1471361bb4248. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a020b1d430a80a59b4578da28132bb4354c44d62095078d8aaa1471361bb4248
SHA3-384 hash: 92bcbde695bfffdbfe7942775bc485da8999bc6721c350f7c7ed0d9aa9a70b8a146986efc0f04b663fcea6cafa6cb185
SHA1 hash: 3a69c051d698c14cbdbd0869f6c0a67bf82de3c8
MD5 hash: b1d05cc90c4a3d78c2e67b8266f2f3f6
humanhash: cup-may-fish-mobile
File name:Memo _ Circular.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:29:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 43b033fabf59c04230a087ca3741a1ec (1 x GuLoader)
ssdeep 1536:TQFpyNlh84ydNiTLbde4omKxXAQcx2Qt:T6kNlJyWzo3AQy2I
Threatray 185 similar samples on MalwareBazaar
TLSH 60B3E81F7AD08C76F934CFB129B195962D72BC293C204A277140BB6D693759E2CE072B
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: victim-domain
Sending IP: 193.142.58.27
From: victim-email
Reply-To: appoint <wiz2018@bk.ru>
Subject: Fw: Latest Company Memo / Circular
Attachment: attachments.zip (contains "Memo _ Circular.com")

GuLoader payload URL:
http://windcomtechnologies.com/wizzymax@pakcountrysecurity_wUPewkknfV91.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5757/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 11:39:27 UTC
AV detection:
14 of 31 (45.16%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47
GuLoader
243a2b578261be1f29edf7c38a2c2b034bdf7b05591d5cbd8d386d3b2d003c20
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
59825608710179356a6809648f78199bce58922841920895d441db2ab64e2da7
GuLoader
6431e6867f99822d3db78c6414571041c14b194fc6363aec5618180b492389ba
GuLoader
69386692648e92eb4a80be0962bc1dff4a1c6773ed7ae2f30a2947ad96449f03
GuLoader
91adaeeb7ac7733741a68cc0283a10f64403f64d1378558bae2342bec847f8e5
GuLoader
9ce39afed2b1b439d074bcda9791a603e32054133fb4928c58f4504af4cda576
GuLoader
efb49d2dce05a0e46211758c5907f085ed3ca37a93da268db71cf5dc34e9c52a
GuLoader
f7bc1d048862d9c11b8ed1a9b294d1d1913d2b11ca19598ec1d7f2e028dd207e
GuLoader
+ 175 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mk8xxp6lpx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 91b9ccd97449ddfad38bcf679951e26a89ab5872c09c99635d99257f0e7601f4

GuLoader

Executable exe a020b1d430a80a59b4578da28132bb4354c44d62095078d8aaa1471361bb4248

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367439/
  
Dropped by
MD5 2c1412d5634ad13446045d06357d4ee4
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 91b9ccd97449ddfad38bcf679951e26a89ab5872c09c99635d99257f0e7601f4
Cape
Cape
https://www.capesandbox.com/analysis/5757/

Comments