MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9faefd420a9117fddd3bdc6c42bc5c5d07d0cec65fdc7acb2d715b752b44967. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b9faefd420a9117fddd3bdc6c42bc5c5d07d0cec65fdc7acb2d715b752b44967
SHA3-384 hash: b64c2c0de9a97821b006bd21b3bd02067f51068cd9dd0b2e66dc7e5e33a76422a1c4f16dad459dc7c4885e9064636710
SHA1 hash: 8be6236a41fa75353733ba310a6264a4ad2d86b1
MD5 hash: ea97440c3145e853ee3c050611dd76e4
humanhash: november-nevada-sad-avocado
File name:file.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:32:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8b0a930ddf88dc65f41bef96b8a59e65 (3 x GuLoader)
ssdeep 1536:8W06ET0EF8pxIAbFLMtT9ZTS2HkKKVEdcTWQWS4ho4H/bdMSldOz5PHilLtc5V:uT0o8p6AhUoWS4h9RMXl
Threatray 174 similar samples on MalwareBazaar
TLSH 0C142926B67AECB2DE524470D9C1C5F80454BC14CC278ABF71D0BF2E36B6186A936736
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm45.hanmail.net
Sending IP: 203.133.180.233
From: Charles Kim(김현철) <jes07@hanmail.net>
Subject: 견적요청서 송부의건
Attachment: file.IMG (contains "file.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1wU-hyiiznY76ILGQdIsrijC4wmgXm44b

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5825/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMDX.18516.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 07:38:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219
GuLoader
14ae7654cdca531998549d66f162a7d82ddf752289c6f599f3d2e8b7d5b918b4
GuLoader
1b15ba9f050a7ff993454ced505009cf9af6cdee45d8acc037ff05bf96304b97
GuLoader
2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47
GuLoader
286447febcdd772fe14fb74b1768dc381ae5a1e4f8c7260de3db5991ce88f807
GuLoader
74be8ec7f1c7a53246ebfbf34940e271ce2f12fe3d1beb10c5b6d2f03606739b
GuLoader
a183841ad3d2f5ce88d9361676673b77ea0610abac6c5206eba8f12dd8abb8b1
GuLoader
c689edeb2bea45f5a7e6402ba51dc23e40e6c8b509841f60cb3d7327340b9b60
GuLoader
daf9a22fa4f5634d74b6b04e7eb503ac16ccc3787d51b161d26a950d7733008a
GuLoader
f5f2578101553a0f24cbeb4f1691d37232f62d4e5986886116e2939272555844
GuLoader
+ 164 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-x5vmlg3bfn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img ab3fb19e2eaf67044db997f5e61260f12293ec407e503e35fb4b396fbaba8788

GuLoader

Executable exe b9faefd420a9117fddd3bdc6c42bc5c5d07d0cec65fdc7acb2d715b752b44967

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370288/
  
Dropped by
MD5 543fcaca4e20ba97ba4ebb0a44340790
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ab3fb19e2eaf67044db997f5e61260f12293ec407e503e35fb4b396fbaba8788
Cape
Cape
https://www.capesandbox.com/analysis/5825/

Comments