MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d87672e9c15ea338b77c0556e05215656cb90a3a50ac38a51b9c22db0afb0bef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d87672e9c15ea338b77c0556e05215656cb90a3a50ac38a51b9c22db0afb0bef
SHA3-384 hash: ef3185d721ccc7b8656440fc039936a8059a86df4303905edd1be36a45573bfc94be5fb90302d36c2855a1d09e6cbf45
SHA1 hash: 21537e9d18ec590a5321d6d11a968f8471c8b4cb
MD5 hash: 1d386ed3063490b07308691547c2fa51
humanhash: delaware-harry-mars-johnny
File name:GMPO20200527.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:29:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 262a64ff6117fdbb269377a5c1a5a170 (1 x GuLoader)
ssdeep 768:VX49f56sBf/sXEGEKQmAUGklQWVGouk9guPlrahjqAOAEqJd5v8rGAO:6zVUNEmAuGWAq9rBahtOAXj
Threatray 200 similar samples on MalwareBazaar
TLSH 21B31A0F79D08C72ED368B7258B189921D23EC766E204F3B36457B6D6E761C91E7031A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: 134-0-117-239.ovz.vps.regruhosting.ru
Sending IP: 134.0.117.239
From: Alex <sale@findmiphone.pw>
Subject: Purchase Order 2003161-0 #NEW STOCK
Attachment: gmb.img (contains "GMPO20200527.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1ABctU6Q-tBlM6TE0L698xIUiF7b8Ky2_

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5755/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43228788.3010.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 17:37:07 UTC
AV detection:
35 of 48 (72.92%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
GuLoader
57233018ececa82dadc167ce51622ecb6b06a4c08753c951a2a5e91f4b3629de
GuLoader
a50c5d39fc21ccc51d78d76bbec723414f505f40a56961ac00b567ba0d5bda36
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c6a810bf84ea3fd17a282d2a10bec7811c79ff751d5dbcf9eb84cff95f1fd5ba
GuLoader
d47e8c71a8d7cd1722e5b09574c818f4db65ecb4e9696fedbe738ff29f0a6305
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 190 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-bmeljqkmze/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 5384ccb0b269d6a8f231c81ae63d7b2107b070f3350fef89058dc8c0c4f70341

GuLoader

Executable exe d87672e9c15ea338b77c0556e05215656cb90a3a50ac38a51b9c22db0afb0bef

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369936/
  
Dropped by
MD5 c8a19b4ad834d97b564e72ce7a6d7349
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 5384ccb0b269d6a8f231c81ae63d7b2107b070f3350fef89058dc8c0c4f70341
Cape
Cape
https://www.capesandbox.com/analysis/5755/

Comments