MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c906a842516c0b1b052768b573c44fc42d24e0abc4d89ca8e4afc2559adaea1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c906a842516c0b1b052768b573c44fc42d24e0abc4d89ca8e4afc2559adaea1d
SHA3-384 hash: 9ca00fde97dee39092f250bf39fedb731391a07177b2ed983c700031082f32e156b040b23c4d178fc5640a0dd4d7b69f
SHA1 hash: 3c103392e7933417b5078593a64eeba740bb36e0
MD5 hash: 31914396d18930e71fdc969f41a02620
humanhash: arizona-seventeen-jig-johnny
File name:WL_quote.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 15:59:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a4a383c753202827b7b3cd42b89e4893 (1 x GuLoader)
ssdeep 768:9YUJOrCFMn3EZjJOK70tamWTCYPuTwyMiHyNnyyY3xv5YPVqyA/FYdHT:9kGkEZAK70tSWTwyRyyYNqy8YJ
Threatray 5'074 similar samples on MalwareBazaar
TLSH A9934A4676D7E632E6168FB02B6AA7D4047FFC309D118E4B26C43E6D1A3AB52B41031F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm84.hanmail.net
Sending IP: 211.231.106.159
From: 권성록 <scien01@daum.net>
Subject: 견적문의 드립니다.\x0a(권성록 입니다.)
Attachment: H4A2-423-EM154-301.PDF.IMG (contains "WL_quote.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.45743.15796.11764.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 07:54:24 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zedkqqsrnqfrwbjhnc2xhrcpyqwsjyflytmjzkhev7bflgw25ioq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1edf8c6bcf0ae2b38e9e28bcb1fd838c2ea35b5b126e4bc9e42daa2e1e722298
GuLoader
1f577a72bdda8e2504e3ab0094e129efe0c8348489c5c4baf9beae2fa5cecaec
GuLoader
3f86f49f3c2e3583c70385971bdba545c85d8f2d66f8923bf446dde88be3afc0
GuLoader
4c1fe4c0f5d8d1277036802c83df3e083b31318dfc2c194ce93b7169d7ba6e3d
GuLoader
5c7b25c7496dfd38b4b8b2e0b77feaa6990cc65d2c376e49ede55188ffa0ea15
GuLoader
9a4f09a04f936d38799360de7c824701e635ce56d7d014903a6934626c3042a0
GuLoader
a6009a6b0724811f3bb71fc6f0c6b3b1aad71448948175949c7eb8af82034e91
GuLoader
d34f87c6a070f4f73344156c16be7040f2932053aea2868e98b0fa4297113835
GuLoader
e69790e910b1817bcfb714f20fda02b6e024babd3dfcea8fa982192928a5df93
GuLoader
e6bdca558fb485e6ac7295d20f868902f2b790bc147fb3ab1e3a6628280d40f3
GuLoader
+ 5'064 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-djevt12t2j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

593aff13c8871e4b3b4893c118391bf1

GuLoader

Executable exe c906a842516c0b1b052768b573c44fc42d24e0abc4d89ca8e4afc2559adaea1d

(this sample)

  
Dropped by
MD5 593aff13c8871e4b3b4893c118391bf1
  
Delivery method
Distributed via e-mail attachment

Comments