MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d07136d108ff4e1867ba77d46bd6f9e9f83e64566d83b1b7c2099dd0de7fc4a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d07136d108ff4e1867ba77d46bd6f9e9f83e64566d83b1b7c2099dd0de7fc4a3
SHA3-384 hash: 3c7f51381af28338309ea456f743ca733d5f5b02c352e40e2c105bdbc221157d64dc3d124b96bf7c04f33cf589b40c7d
SHA1 hash: a19ba50143dc2a1257663adb5e695f48bfb37166
MD5 hash: c6c3b0bccccb1ccfba4dd1f79c027f47
humanhash: uniform-stairway-burger-equal
File name:gunzipped
Download: download sample
Signature GuLoader
Create hunting rule
File size:184'320 bytes
First seen:2020-05-28 13:16:51 UTC
Last seen:2020-05-28 13:34:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2dce019dd59e9ac7b3fd5756d437329c (1 x GuLoader)
ssdeep 1536:IbLeAQwJxPLGmhx6ETctiIVoY21B8QCjCZn1In24gcCz2dQNuewZXxx2mHDIpQIS:YvJxPimholopHyjCN1I2r2dQNEvNaS
Threatray 85 similar samples on MalwareBazaar
TLSH C60439367649CCA6D9A006B4DDE0C4F40521FC18C927CE6776C1BF6F76790C6AE2A236
Reporter abuse_ch
Tags:GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.cn-nakareg.com
Sending IP: 45.95.169.32
From: info@cn-nakareg.com <info@cn-nakareg.com>
Subject: Re: Urgent Order PO20051987
Attachment: Urgent order_PDF.gz (contains "gunzipped")

GuLoader payload URL:
http://baritaco.com/build_VZiETVXFTj172.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5862/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMEF.6945.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 13:34:14 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 48 (47.92%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0afe73609922b94ffb25f673db3b621befab30c7f52cd586497b63f8154dbd6d
GuLoader
126acb98fb11ef309998bc79532c29a142cc478d0fcd793c29eaf68f903d592b
GuLoader
1e27314c6b097bdd158c3438bc48704f681a20d723fc2185bf431e67f8b56e9f
GuLoader
6d58c8e531d65f5713f19a8caf7b6ac0f4ce25adf29a3b96aeee7de4045f409a
GuLoader
78cb6053d76d453fb3885f47c1634fc28e20862a5a73bcdc1557e5620ae7416f
GuLoader
7c33ae96ec0eccc801f5de0fc20ec241610867747e6edec84578d9372820493d
GuLoader
823d3e4a009254382cf9401cffddeb21e5be60ab5bb283ad325734c8c14cd695
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
d3dc4b2cf4dcc0e0ba520ab033e94a7725aa8f86c2b05d49fef5e5e1f60b7844
GuLoader
ebd6a36a1a04c51f11cf2bdddb5618da42e2839c1507e34e604627ae214c8e58
GuLoader
+ 75 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-l1pr998872/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 17d053381189d86ac47b70971e0722a79ad76affaf7d57ddac671e097a278138

GuLoader

Executable exe d07136d108ff4e1867ba77d46bd6f9e9f83e64566d83b1b7c2099dd0de7fc4a3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369487/
  
Dropped by
MD5 7be129cfd5368adb5cb53d213053ad78
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 17d053381189d86ac47b70971e0722a79ad76affaf7d57ddac671e097a278138
Cape
Cape
https://www.capesandbox.com/analysis/5862/

Comments