MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 daa83b31dedd9baabaa012bf052e93e0b378fd00d7c8f8b18ddd8665e04aeb4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: daa83b31dedd9baabaa012bf052e93e0b378fd00d7c8f8b18ddd8665e04aeb4b
SHA3-384 hash: 4f464869eaee6bb005d7a33fe8a9d2f251e349840f109517ddb2dcc8aae671f534995761c86ca0f26ffce1570d2fc885
SHA1 hash: 040b1a4a4d51eb111fbf62139dffe59dacdb18ad
MD5 hash: 721f5814f6845ea18ce3262ec929f79e
humanhash: florida-violet-hydrogen-river
File name:PO10062020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-01 08:27:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9df306724b971accf5a7a37d56bd7b78 (1 x GuLoader)
ssdeep 768:esXuI/9UVLUHMX47zB7z6mvvTBFliTavf2iJIIkIekOU4B7z6:es+lVLojz0UvATxIkIZOD0
Threatray 886 similar samples on MalwareBazaar
TLSH DD732C1BFE189174F44545B0649AD162BB2A7C329406AE0F72446EABBC71D83FCF172B
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

From: 김태영 <info@hopkinsville.net>
Reply-To: kodak3399@protonmail.com
Subject: RORZE: PO-0909T7656067M50- 6 월 주문 샘플 및 프로젝트 사양
Attachment: PO10062020.img (contains "PO10062020.exe")

GuLoader payload URL:
https://noirrealtysolution.com/ad/bin_noYESko197.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5520/
Detection(s):
Win.Dropper.NetWire-7993073-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 01:13:00 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3kudwmo63wn2vovack7qklut4czxr7ia27eprmmn3wdglyck5nfq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
00d1510ab154eb7e4b09ee4ac915fab0577c5b516fd99375b19eab8eaebac4ec
GuLoader
1403d5f33c1379c32f1cb03b1c72d317b81541532647386e7aef8ba51f4c18c6
GuLoader
32988d9efdef04149dafb7aad85acfc026b906452b1c6a11b5e8402157d20691
GuLoader
5344451622e4d4ac6036cdacefa0e5299843a2aee428cd643bcc663630b3b3de
GuLoader
729c73ab057bc16133a582db643fc4654c806e76fa70d98dd82923b4f198c285
GuLoader
93afdcf8446b39767947be48bcf4d111edd581f31eae3797f91fb2c5a7838ecf
GuLoader
95b7bbca4d924be150fb6858b8546d3386d44a8a589a7a60ab1a0961718ee84d
GuLoader
acbdc5ee4cfd910a6d94ffee791a5f62631bbf449ee4883bdd3ae6b705b652ee
GuLoader
d99947df7b80d4cf1f998cd4c205df67be0afc6ab0d9b4d92988b1aeccc1bf0c
GuLoader
faac07736e1c735a2b4028b9a77bcf0897944e3ce16977c61b6af1b45592d6b0
GuLoader
+ 876 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6qdb5vkebx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img fe47dd75be63c5f1b5db7475d754b8b82e2712dd4355ced71e42f6a4d7c3849d

GuLoader

Executable exe daa83b31dedd9baabaa012bf052e93e0b378fd00d7c8f8b18ddd8665e04aeb4b

(this sample)

  
Dropped by
MD5 25ff77778b1c29165624b36e48f9ab19
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 fe47dd75be63c5f1b5db7475d754b8b82e2712dd4355ced71e42f6a4d7c3849d
Cape
Cape
https://www.capesandbox.com/analysis/5520/

Comments