MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a604cb5bd365ad6662b63b91c891d9af6c02a4fd89d29d6ad775d9401b31ac14. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a604cb5bd365ad6662b63b91c891d9af6c02a4fd89d29d6ad775d9401b31ac14
SHA3-384 hash: 9a08b5225c3bee052fe42aa52f8d9d7c9d37a996e117a83e21bca1d8eaaf75648e88b946858c85d6dc4f128af793253d
SHA1 hash: 571ef417a6cc9b9269c8b3653e1ff85f162d4cf6
MD5 hash: 33f3a37829bac258e7a737b11ea38699
humanhash: freddie-fruit-nine-oven
File name:20 May 2020 COMPANY- PROFILE - COMPLETE-PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-21 08:33:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 05d93a582e32baaa0a1329e2e781df32 (1 x GuLoader)
ssdeep 768:Xc14QrozyNQYWVSIzD3ERgZPIY/vcqpHQpWhwnq87me/Lg80TNyt/U/S:M1rw9YWSgprnPlF87djg36/B
Threatray 1'589 similar samples on MalwareBazaar
TLSH 0EA3193779A1DD47DA5049F118AB496C161FFC3428164E0726EBBF6C2D32EA2B53630B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: Purchasing <aoplsales@accent.in>
Subject: RFQ #3994 (InterPack Fair Contact)
Attachment: COMPANY- PROFILE - COMPLETE-20 May 2020-PDF.z (contains "20 May 2020 COMPANY- PROFILE - COMPLETE-PDF.exe")

GuLoader payload URL:
http://www.pdslhk.com/file/binfle_KiSKWEz195.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 08:36:25 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uycmww6tmwwwmyvwhoi4reozv5wafjh5rhjj22wxoxmuagzrvqka._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
Similar samples:
4b610516f134b6efb2100a2e298a70b573be1cd6c4d653af007b907f11ff065e
GuLoader
5a30aa9032bf9eb86209f176404481e70fa108b689330a2544ce0b54fa959ab4
GuLoader
6ba2ab2afade3c48fb86ce5290a0980f19e901117033cb723cfd48b3ab2c6888
GuLoader
8b791216101006bea031bc4ff657001f95cd58ed1db4429a242d79050f947d40
GuLoader
983a50787533f7fb48c7aeccfe0cc8ea3b16a76a39b22a1668ef800ed56556f6
GuLoader
ae6a500ab45e86279c34a92c49d12f73716f0a492075180cdad48a761bf38b49
GuLoader
b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57
GuLoader
cebf765590be725ca5f5589e51a0e81236f6e63dae47f1cdff6029429827c0be
GuLoader
eec46d65be09a86f25c891d462671a7a0b3140ee4a8a6ac0a9fa7e1c56a8cb40
GuLoader
f6acfb0076b3a4e817b12f1f4e91eb89dbeeee1bca29d591949b73dfb604ef68
GuLoader
+ 1'579 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-h5dh2r1npj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

ce794b7d276ee5e777a3c559a4a9807a

GuLoader

Executable exe a604cb5bd365ad6662b63b91c891d9af6c02a4fd89d29d6ad775d9401b31ac14

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366047/
  
Dropped by
MD5 ce794b7d276ee5e777a3c559a4a9807a
  
Delivery method
Distributed via e-mail attachment

Comments