MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b584d8b69ef7c3f2689e4cecbec9932b84ca55e03c87b1aa9a9b9f56a1ba6c94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b584d8b69ef7c3f2689e4cecbec9932b84ca55e03c87b1aa9a9b9f56a1ba6c94
SHA3-384 hash: 30213563e6d38e4af979e12df72ef1269547992bc9304bc9f447c851966e7c32ef0c7e1bf74554415befd9bff817487f
SHA1 hash: b5085863638165cb0d185e19dee16dd942dae34b
MD5 hash: 279455eab42afc6f98fd9c47184fa2d9
humanhash: april-network-hawaii-comet
File name:gunzipped
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-20 08:43:35 UTC
Last seen:2020-05-20 09:48:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 387628e6b3d4d025fafd76a4f0d71a7f (1 x GuLoader)
ssdeep 1536:YxHm8qSmbGdSdSOl/V0IcTZBnjltzMt2w5:0HRZRooU/V0P1k2G
Threatray 1'514 similar samples on MalwareBazaar
TLSH 22A31821FAA8ECA1CA6449FE4E615AEC064FBC741A11C71F30C5372E09F3A85D97631B
Reporter abuse_ch
Tags:GuLoader


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail0.82.igfxinvest.com
Sending IP: 68.183.88.97
From: Kelsey Morrison <kmorrison@82.igfxinvest.com>
Subject: PO # 4507600698 - Rev 01
Attachment: PDF.PO 4507600698 - Rev 01-PDF.gz (contains "gunzipped")

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.4739.26398.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 23:22:04 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wwcnrnu667b7e2e6jtwl5smtfocmuvpahsd3dku2topvnin2nska._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
4b610516f134b6efb2100a2e298a70b573be1cd6c4d653af007b907f11ff065e
GuLoader
5a30aa9032bf9eb86209f176404481e70fa108b689330a2544ce0b54fa959ab4
GuLoader
6ba2ab2afade3c48fb86ce5290a0980f19e901117033cb723cfd48b3ab2c6888
GuLoader
8b791216101006bea031bc4ff657001f95cd58ed1db4429a242d79050f947d40
GuLoader
983a50787533f7fb48c7aeccfe0cc8ea3b16a76a39b22a1668ef800ed56556f6
GuLoader
ae6a500ab45e86279c34a92c49d12f73716f0a492075180cdad48a761bf38b49
GuLoader
b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57
GuLoader
cebf765590be725ca5f5589e51a0e81236f6e63dae47f1cdff6029429827c0be
GuLoader
eec46d65be09a86f25c891d462671a7a0b3140ee4a8a6ac0a9fa7e1c56a8cb40
GuLoader
f6acfb0076b3a4e817b12f1f4e91eb89dbeeee1bca29d591949b73dfb604ef68
GuLoader
+ 1'504 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-5rqrrz7eje/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz f353fb602eb036492ffed49e7f71cf9f27cb06db3e07c316b027c63a5f31b8d8

GuLoader

Executable exe b584d8b69ef7c3f2689e4cecbec9932b84ca55e03c87b1aa9a9b9f56a1ba6c94

(this sample)

  
Dropped by
MD5 fff409d3d7ae05b1491e41eedcee2e21
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f353fb602eb036492ffed49e7f71cf9f27cb06db3e07c316b027c63a5f31b8d8

Comments