MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1eec13238d8aeff47e2544402482dae53aed3617e73a5e757746db56cc3f353. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a1eec13238d8aeff47e2544402482dae53aed3617e73a5e757746db56cc3f353
SHA3-384 hash: b5ba109303be08c8dc24172692687c6b0ed8000dee5b936be333c8324f2376fca9616261bb9e9e2556b3433fdf23324e
SHA1 hash: a7c2a060beaf5f24f5b9d72c6e6aed5c0fa6e3c2
MD5 hash: d9361e0a8742c3b2b5e9a44e6f66e3ef
humanhash: august-london-ack-white
File name:bank details.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:36:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a0bf9cf14fbb32f570640df090c570f0 (2 x GuLoader)
ssdeep 1536:nCfhApnpmikBr5kSg0H5EBeOU6ek2eep+2aUvCD8aDNoEV:8hAZkBvqBeOUe2DpEZLoW
Threatray 491 similar samples on MalwareBazaar
TLSH C9B32B2B79E59C7AD9388FB049334E552D3AAC756C005F0B320AB75D253734E29F9326
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: smtp98.iad3a.emailsrvr.com
Sending IP: 173.203.187.98
From: Angel Frco. Ruiz <veges@thealtitudestore.com>
Subject: Re: Confirm account details for payment
Attachment: bank details.arj (contains "bank details.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Zx05iygNQ-0KDs5b3jZi1sZNxZg3Qmr-

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5081/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 00:32:24 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
netwirerc
Create hunting rule
Similar samples:
06e0e3da562a627b84f328a76d70b62326e2b5a82fd28bf943b6d3dfd1f26cb7
GuLoader
0c017b57d7f1cbfa01f54deb15b7f04b8923acd4585435050589b1762856247e
GuLoader
4d0dfe01c27dfd2c35464a3f435cfb4cad6e996d6fc407cc8f10fc0b3d0692fe
GuLoader
9c5315409c9ccb1e74195e244a17531781b973f9f489743602c18aaf5a22e7fb
GuLoader
a07051295b50dfe762f42e922f6815e4554ae1b392da5810b88893cb91ac3b7e
GuLoader
a63dfd81e0eb6283bc0051a3c1f80ba0eb818d132aafe5e6a1cc3cd63a3433ff
GuLoader
c76654971c4af60511d3583a3bd00c673904569aa93973687e14e95b9e80de6f
GuLoader
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
GuLoader
e7cf4a0d3f94afea480bf5e64a658029d02191330244697ba9afd81dd5b56386
GuLoader
ecbbdea89347df30a9575353b8886499a88d30f5606f60c922c62e4a56637c74
GuLoader
+ 481 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-xg9nqg52px/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 0af5afbdeac24dd30437d591c6504d13ec83ea3ec44e6ccb9d7789e78c5eeb76

GuLoader

Executable exe a1eec13238d8aeff47e2544402482dae53aed3617e73a5e757746db56cc3f353

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369981/
  
Dropped by
MD5 eb74f6c13848775d4268686f0c296781
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 0af5afbdeac24dd30437d591c6504d13ec83ea3ec44e6ccb9d7789e78c5eeb76
Cape
Cape
https://www.capesandbox.com/analysis/5081/
Cape
Cape
https://www.capesandbox.com/analysis/5072/

Comments