MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b870ae1ce131cc6c8a312938af066d34e7f910c1aaf1d68473b0b076d01164a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b870ae1ce131cc6c8a312938af066d34e7f910c1aaf1d68473b0b076d01164a9
SHA3-384 hash: 57f12e90d93a78f6d4141ed47ee1fbb020006e10e260ed166ef7dc548512a0857e1ba80691e5b7eb427d2e379a6b335d
SHA1 hash: bf3fc6baa7179eff29d492b3976469b945a92a48
MD5 hash: 2c60f8ecd8bc6238d519b9a1b3d7700e
humanhash: artist-harry-single-arkansas
File name:BLT-882020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-26 11:23:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c8aac5ec9491ae85fed60464326da739 (1 x GuLoader)
ssdeep 1536:lWO8SCnuNRuhyjjY0iollg6e8k7voGWE:MOzgL23gv8EQGx
Threatray 199 similar samples on MalwareBazaar
TLSH 8EB3080379D86C72EC2CABF29C7185640DB5BC117D014B47BE4AFB5E29722CE94B078A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: gmail.com
Sending IP: 103.89.88.225
From: Accounts <accounts@gmail.com>
Reply-To: goodluckfresh@gmail.com
Subject: Re: FW: BLT-088 DOC
Attachment: BLT-882020.Y45.zip (contains "BLT-882020.exe")

GuLoader payload URL:
http://rayyanceram.ir/chucksman_KKlPG78.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4965/
Gathering data
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 11:37:11 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0c780ce6cb4281a12cf329e18bdf36b987e34dd15379a4c2f6f8e03ba56e13be
GuLoader
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
34fea5456bb0c7351da3e67c7bcc8f58bcb70ac5b7d9d70e1204a5f4556958c4
GuLoader
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
GuLoader
5668f2f784befed20b52f3d30aa3a9ab374b35a1a853d908ff9ac5c82ddea749
GuLoader
a7a764414712bf2cc09bebe1b8e7dd257fbe7242c4fc103dd7f5876391af0337
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 189 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-x6scfzmg7s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 87553159be33057e837b34e6104527266fdb64af6a16f7da825dc4ec8fc48700

GuLoader

Executable exe b870ae1ce131cc6c8a312938af066d34e7f910c1aaf1d68473b0b076d01164a9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368811/
  
Dropped by
MD5 dc086698771da2a22fb0b1264dffeeee
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 87553159be33057e837b34e6104527266fdb64af6a16f7da825dc4ec8fc48700
Cape
Cape
https://www.capesandbox.com/analysis/4965/

Comments