MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb38441f00e31c053e8b96617edb3125104e243f5409757a3ada8d9977fd2c34. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 4

SHA256 hash: bb38441f00e31c053e8b96617edb3125104e243f5409757a3ada8d9977fd2c34
SHA3-384 hash: 57d2dd1a3c132ad3e9a5330972bb20556c6c6896045a10859a13989b1c4dd22bb58aa86c1a3dea8dabcf290d8fbd33ae
SHA1 hash: bb125103538d306c1d0aa5fd83022ead2cb549a9
MD5 hash: 919d01a7ee934aa0c1f761022302cf9d
humanhash: carpet-whiskey-blossom-iowa
File name: tallest.exe
Signature: GuLoader
File size: 86'016 bytes
First seen: 2020-05-12 16:32:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b95dac19f5f45a2531fedca3086065ad (1 x GuLoader)
ssdeep: 768:5kvylyeXm5xEqlc8jyKJ98HRAq5Wwp+52aEVvXuTcPlA8A2a:aLj+syKJuxAcWOk2TVvXmctTa
Threatray: 451 similar samples on MalwareBazaar
TLSH: 9D834C66F4D4D173D71A4AF25AA5A7A9052EBC300E51890772CC7F6D2B3BA10E92132F
Reporter: abuse_ch
Tags: exe GuLoader

abuse_ch
Malspam distributing unidentified malware:

HELO: server.forevertravel.com.my
Sending IP: 110.4.42.51
From: Kyum Kim <kim@osc21.co.jp>
Subject: Disposable face mask , KN95, Coverall chemical protection supplier and transporter
Attachment: Disposable face mask , KN95, Coverall chemical protection supplier and transporter.pdf (contains "tallest.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-12 16:37:08 UTC
AV detection: 18 of 30 (60.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

a09878a479df5fbec798c2ffccd539bd
  GuLoader
  Executable exe bb38441f00e31c053e8b96617edb3125104e243f5409757a3ada8d9977fd2c34 (this sample)

Dropped by: MD5 a09878a479df5fbec798c2ffccd539bd
Delivery method: Distributed via e-mail attachment
