MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2e6c6309b38be8d57c9164b837a1ec50ab97d980a4f1ec4575fe12f74bdc6c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b2e6c6309b38be8d57c9164b837a1ec50ab97d980a4f1ec4575fe12f74bdc6c5
SHA3-384 hash: a6648509e489ba2c56a906f72850f5384ab689568644a155a31814dbc0917b87157032d0ff8f016cf60f701095527087
SHA1 hash: 5b71392a893f76103bb1bebeb26e454cab39b6b8
MD5 hash: 7c0c4950d8b01da2a8a93fb65fb0ba96
humanhash: delta-triple-sixteen-aspen
File name:RFQ-OM-3994 - Closing Date 30.05.2020 - MEPF-PO-2020-060PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 07:37:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5ccfce47b94fdec33421ebe84b99daba (1 x GuLoader)
ssdeep 768:uHQqeknVOWFTPvWoWk7mDJudX5214R1Ud8U/S681YVMUxYpnqkg1H6x8lWwT4ip3:uDxLNh0wg1KUd8568irNlH6x8lWwL
Threatray 115 similar samples on MalwareBazaar
TLSH C7B3C8627EC1EDB1EEB44FB90CA18A744E36FC665C411F07304C7B5E253B28968F2669
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: Import Manager <himanshu@anantcreation.co.in>
Subject: Product Inquiry
Attachment: RFQ-OM-3994 - Closing Date 30.05.2020 - MEPF-PO-2020-060PDF.z (contains "RFQ-OM-3994 - Closing Date 30.05.2020 - MEPF-PO-2020-060PDF.exe")

GuLoader payload URL:
http://www.pdslhk.com/file/binfle_ACzOcwHde53.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5634/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 02:40:52 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0e319c36c39c8504a0349445b2282bc450758b7e670a3477c0653b1daafffaff
GuLoader
575397578fec6865ac95bcf6541e56a711bcfe08e3bb0d9bb456ff345ab1602c
GuLoader
7a46dcdfbe1991b5e05e4681dc027f2a8fcfb62abab89421b7aefd7397dafdb9
GuLoader
7cbc380c05ce0b8e7ff6c94ee11ac6aec99adfb14e530f43d895af660588e984
GuLoader
82bb3e9ec03f5237ed521effee5b1825b59e31be522e71a05c129676e60839ee
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c44e8d9dba3b4a4cc835b460e69d336347fd3fbfb67621d7cd6e8723976607ce
GuLoader
da512b133967f3db61051f84669d6fadf309e53ac72906d581e8bb72851d726e
GuLoader
e4601ce15ad7bca4617ad033f129a5d507f8e55b979c97a78cf31a6f501cb046
GuLoader
f27183fd7586c6eaca1f6aaed3a7c3c6e52894e23b9656c3953318a85bbbec5d
GuLoader
+ 105 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-d8mj1jnglj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

z 42cae7864931a1bf6193d32260d1bbb3db4e02914a0a01c4e31f6345c5bce4d7

GuLoader

Executable exe b2e6c6309b38be8d57c9164b837a1ec50ab97d980a4f1ec4575fe12f74bdc6c5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368641/
  
Dropped by
MD5 33fcb980240e66bf740f7006ef72a4e0
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 42cae7864931a1bf6193d32260d1bbb3db4e02914a0a01c4e31f6345c5bce4d7
Cape
Cape
https://www.capesandbox.com/analysis/5634/

Comments