MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3595de4667f3fccf8f9aee7fd1da790646fee898a04fea1d063b927267d2de4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d3595de4667f3fccf8f9aee7fd1da790646fee898a04fea1d063b927267d2de4
SHA3-384 hash: 333b42298733902e2e26943d7387ccb98f7d0b55a76f8b0c27cae568137bced00238def57dc1df69e61bc5cecb13ced8
SHA1 hash: a724e991fa4426bfa89afd6933f5350b414a4c3c
MD5 hash: 8935534b83bd6a0914bde36d3886f0c7
humanhash: tango-november-rugby-salami
File name:Signed P.O NO.LMC378478372020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 09:23:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f0104272cb79b5d60a66ca585867da47 (1 x GuLoader)
ssdeep 1536:RSPfxV40PF+bWkgrKHxLdGKc+o0FDHdZ1gIrV08KT/NeyGo5g:kPX+4KVdhjFD9zXOt5g
Threatray 893 similar samples on MalwareBazaar
TLSH E9B37B07ED4D8963D1144BBD2D578EBA3B0DA80C0D416FEFB575AE9BAD322021CA711E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: sv49d147.emailserver.vn
Sending IP: 103.15.49.147
From: dannychan@ksi-solution.com <anh5.nt@sigma.net.vn>
Subject: 已簽署的 P.Os
Attachment: Signed P.O NO.LMC378478372020.rar (contains "Signed P.O NO.LMC378478372020.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Lokibot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6240/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 15:55:24 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2nmv3zdgp474z6hzv3t72hnhsbsg73ujricp5ioqmo4sojt5fxsa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1ee39f6cd500940ad97c444778dc717361e01ce5579a28d761aedae86e85af64
GuLoader
2cf01afb98a61b2af1b0458770d83d230d1c9ab3bfcb9f2b6a504395403b5165
GuLoader
36db728736b47a5c1b050ed1255c0244c3f272b9897ef507c6348b61ae6f6e94
GuLoader
3bce2cb71450f3924688d64791d70feaa8a49e25784d3d64451b3b1d2d25cdbf
GuLoader
4c085d783c734f76e23572661c1692d7b2e4ad30dab5f6c108669d4141f97c99
GuLoader
4c1fe4c0f5d8d1277036802c83df3e083b31318dfc2c194ce93b7169d7ba6e3d
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
765500e5e5af3c7320a36073ad19d4ba4bd15a21a5c65e2ed61eabfc428244c7
GuLoader
b1bfc64b0b5890c39650f9ec6a12bb8b7c4b84654de8898d694f199f359b12a5
GuLoader
b8565239fc984ae11a613ad6a80eebcf3e006125c8e6240583a0365669c32397
GuLoader
+ 883 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-8zs6s42cj6/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 41160d3ef50d9caba03782fef6ed9753b53d39bc719f24233211b30c2f36386f

GuLoader

Executable exe d3595de4667f3fccf8f9aee7fd1da790646fee898a04fea1d063b927267d2de4

(this sample)

  
Dropped by
MD5 cb6301cac3dc702394967c74acfe9ea4
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 41160d3ef50d9caba03782fef6ed9753b53d39bc719f24233211b30c2f36386f
Cape
Cape
https://www.capesandbox.com/analysis/6240/

Comments