MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b16a20057b577660cec3a602bcfda96f40152aee86d0978babc68b7ca4391942. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b16a20057b577660cec3a602bcfda96f40152aee86d0978babc68b7ca4391942
SHA3-384 hash: b84bd91a9134df3c15bf60915d7601a0035f754dcc6938400297f4296749ba782ed473435b5e2d8546265b4b359a6ee3
SHA1 hash: b6edc5d1acb609e852c8fbc263232ce79ccabd58
MD5 hash: 0268b84c0a2659565a3bddeb5ce592fa
humanhash: shade-cup-tennessee-helium
File name:Invoice 06trsd44 for check.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 07:29:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash abcd3fea48262d5fe866f4a9b6c840c7 (1 x GuLoader)
ssdeep 1536:OVgTtyNk+vv2kTEgG3QhJVAui7AJz7HR2dgh:O+Tt7+vv2kTyQ/VAnuzrQa
Threatray 1'478 similar samples on MalwareBazaar
TLSH A8B3C42271C4ACA2EA755BB64EB5AEE46C37BC2C1D014F03704DF75C1E3728929A275B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: hunanpipe.com
Sending IP: 156.96.59.92
From: sherly<sherly23@hunanpipe.com>
Subject: Incorrect Invoice For Amendment Asap!
Attachment: Invoice 06trsd44 for check.zip (contains "Invoice 06trsd44 for check.exe")

GuLoader payload URL:
http://hosseinsoltani.ir/wp-includes/fonts/gozman_fOgNPZ59.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5619/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 22:25:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
0f9f76e8ffa64b600745b99b8f7b51cfa151299424e6523995c6c0bcd7a5cd6b
GuLoader
4b610516f134b6efb2100a2e298a70b573be1cd6c4d653af007b907f11ff065e
GuLoader
5a30aa9032bf9eb86209f176404481e70fa108b689330a2544ce0b54fa959ab4
GuLoader
6ba2ab2afade3c48fb86ce5290a0980f19e901117033cb723cfd48b3ab2c6888
GuLoader
86a315be4e708db92a2991b39cadb2074228c327640a26e019325294eeb1bc3a
GuLoader
8b791216101006bea031bc4ff657001f95cd58ed1db4429a242d79050f947d40
GuLoader
983a50787533f7fb48c7aeccfe0cc8ea3b16a76a39b22a1668ef800ed56556f6
GuLoader
ae6a500ab45e86279c34a92c49d12f73716f0a492075180cdad48a761bf38b49
GuLoader
cebf765590be725ca5f5589e51a0e81236f6e63dae47f1cdff6029429827c0be
GuLoader
eec46d65be09a86f25c891d462671a7a0b3140ee4a8a6ac0a9fa7e1c56a8cb40
GuLoader
+ 1'468 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-x1x1dt2krj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 847b24e839ea4bd525d6cfc50ab0a08eea5a9647751b3d2c69be645c55e83c85

GuLoader

Executable exe b16a20057b577660cec3a602bcfda96f40152aee86d0978babc68b7ca4391942

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368654/
  
Dropped by
MD5 38c59006629c460540e2992f4d17915a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 847b24e839ea4bd525d6cfc50ab0a08eea5a9647751b3d2c69be645c55e83c85
Cape
Cape
https://www.capesandbox.com/analysis/5619/

Comments