MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae7f733839f6f8e1560db793e5ec36573239f14aee9be57a477a2ec6c433baca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ae7f733839f6f8e1560db793e5ec36573239f14aee9be57a477a2ec6c433baca
SHA3-384 hash: c71b912d4183a3d1aabd795033edf09ab021f4313a3c3a78f0e35ea26ba6e9cd958264ae2978b6001b081ccfc1af54c7
SHA1 hash: 04d83a12d9afeb99e44f17f8787df88c066dc357
MD5 hash: ed4e9379d636e4b305491c177138a8f0
humanhash: four-blossom-harry-gee
File name:PO11052020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 09:13:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 71e9fc6ba4fef94ab1ca14d50edaad30 (1 x GuLoader)
ssdeep 1536:wGo08KEn5gBnQXyNk1/Ylw/Cl8K3+mIxfgtfG8RYLYbs:wGA6BO/zCe6WLY4
Threatray 107 similar samples on MalwareBazaar
TLSH BAC3082275F8ECE1E8580EB11C2369B72915AC227A154F1B3746FB5D633A5C22EF0707
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm81.hanmail.net
Sending IP: 211.231.106.156
From: sales <kn131001@hanmail.net>
Subject: 긴급 견적의뢰
Attachment: PO11052020.IMG (contains "PO11052020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=15J0F5VXzgc8k_95cWWT3oxAgUxZbVttI

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5682/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:37:13 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
09838078bc786269db65986e324234d647ff0154b07565e59bdf34f5f72d650d
GuLoader
3af2afa3c74278d68dad4e050909855198bc8e2603638effadf38221b6b976ca
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
83526129d030f1ef41174e5c593e51c78b3b12096c51178fb29d505672e30b3d
GuLoader
a7a59d86798f2df99df6adaba2c7713a12fe773b73cf3c4c0ec60e5067136630
GuLoader
b0d9f78957650a0bc42b0bf646e3d158f713de64ee5e6ab395cf777e93a7a240
GuLoader
b4bbfec518b34f417680149af477857ce1a27aa23eaceb4eb99d62230e376ba9
GuLoader
bd7d25a9958f0455c03a169c21ecba511a0ce5a43d528f8c3fdce782e4b31834
GuLoader
c89df787c82531acf38787d9c159b9fc6bd995cb9402ff8f6bab423363c5497e
GuLoader
e7ef14cf9416e9962ca7398e2d9890a5c0dcc92952cf27bf00a61880a8551228
GuLoader
+ 97 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-533rjlyxgx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 444be8871618735a2486cbefaddf036ce012f87a2e2d06c3c755ffd569047488

GuLoader

Executable exe ae7f733839f6f8e1560db793e5ec36573239f14aee9be57a477a2ec6c433baca

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368717/
  
Dropped by
MD5 cbfc0d0fc6e195a12435b4b7f64a487c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 444be8871618735a2486cbefaddf036ce012f87a2e2d06c3c755ffd569047488
Cape
Cape
https://www.capesandbox.com/analysis/5682/

Comments