MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd476e4d4bb6f46ca0e62c6a2ab34f90b025d3cc6a0895be9073bd48997d1b47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd476e4d4bb6f46ca0e62c6a2ab34f90b025d3cc6a0895be9073bd48997d1b47
SHA3-384 hash: 195ee817335e92ff0dd29e186237c8d90e2ae153c24b66d0b7dcaeac4bddb258cde615f6ac2a1cd0376538d09ce59cc3
SHA1 hash: 9f498875d73b8908f67cb9a8f5b922d27b5c6817
MD5 hash: eb568750da27deeaac348fb40f15e8d7
humanhash: romeo-fish-seventeen-pennsylvania
File name:PO-NX-LI-15-0001.pif
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:13:40 UTC
Last seen:2020-05-27 17:50:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f744ef885fc1ad8547023f4d1416a9b3 (2 x GuLoader)
ssdeep 1536:tqhvdryZz0KrDsVckD4NIrf7R+tVAl47CMMHwH9i+v:E/yZz0KrDsVckD4NIrf7R+tdCcp
Threatray 98 similar samples on MalwareBazaar
TLSH 5BB32A1B71919C76D8708FB108318AA56D32BD79AE144F477248BF1D29332CBAD707AB
Reporter abuse_ch
Tags:GuLoader pif


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.onethaifoods.com
Sending IP: 45.95.168.240
From: Mrs: Christina Lee <enquiry@onethaifoods.com>
Subject: 回复:回复: Purchase Order NX-LI-15-0001
Attachment: PO-NX-LI-15-0001.zip (contains "PO-NX-LI-15-0001.pif")

GuLoader payload URL:
https://conveyancing.pro/wp-admin/js/widget/am_URgnCGKXDA59.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5738/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33911366.19767.5796.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 13:43:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
021ecc7db491245a744d036978de5a20916eeb67299c50f1f456ea21e622d7f5
GuLoader
28dfc81c0660d22a889fa79cf30b0698e1f4c78a6693c277931868b67b29646e
GuLoader
2b44eaee1eb9f472580e06b30bc5eba6f513905abe768229ba6290bd1e4da1a5
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
6327c2d28925dd4680b13585501e34181fc4beefaeb08040d1c10fc91a16f0a3
GuLoader
8d6e4671da660a178432514e56aaf7445ea4f03a60f20cc9b6d29826ab435975
GuLoader
b092a330b736b90c25196d0784455f5d605aae83dca16f8569451236204d0976
GuLoader
b5e4950f8979f18ad063f3df3fb483aa88273271254201dbc0e5241b7713edc2
GuLoader
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
GuLoader
+ 88 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-kd4g1jdxxj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 6e05106e9befc76dc91c3e8e6b2574cd9aaeb6595e7351c62738ff1670bb8059

GuLoader

Executable exe bd476e4d4bb6f46ca0e62c6a2ab34f90b025d3cc6a0895be9073bd48997d1b47

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369929/
  
Dropped by
MD5 c274532c73a8179f6b7ee0aa39c3916d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 6e05106e9befc76dc91c3e8e6b2574cd9aaeb6595e7351c62738ff1670bb8059
Cape
Cape
https://www.capesandbox.com/analysis/5738/

Comments