MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e013766345fe3fc36669625205e1088b24b4c9cd5b42696cdcf3cd31d76c8a35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: e013766345fe3fc36669625205e1088b24b4c9cd5b42696cdcf3cd31d76c8a35
SHA3-384 hash: 7d05995488cac9815c9cb0152a76a1ee9544b5ddb34e03d760c458503726d14d82436a1fef34574e445760c409f95348
SHA1 hash: 3c52826c7f178b11dcf5007b634080d952a51525
MD5 hash: aa0775ce158af8c498af68e03807441a
humanhash: october-hamper-mexico-sweet
File name: New-PO-0576879-Rev-Order-Sample-Quotation.exe
Signature: GuLoader
File size: 114'688 bytes
First seen: 2020-05-27 12:59:36 UTC
Last seen: 2020-05-27 14:13:27 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3057b9a892d89d34528519f71ee3f104 (1 x GuLoader)
ssdeep: 768:1HkZcDl2JDywilf1yXl0AFgB1O1Qx/A+phEpTfpfkFVIeNSDbaJZbI0OArkA3:x9k2j10l0xPWQvIpfkweNS/QI0O8
Threatray: 255 similar samples on MalwareBazaar
TLSH: 1BB30B1BB990ACB2D8718B731875D5A15D27BC3969000F177309BA5D29F76CB2EF032A
Reporter: abuse_ch
Tags: exe geo GuLoader KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm48.hanmail.net
Sending IP: 203.133.180.236
From: 이철승 <go7604@hanmail.net>
Subject: New-PO-0576879-Rev-Order-Sample-Quotation
Attachment: New-PO-0576879-Rev-Order-Sample-Quotation.img (contains "New-PO-0576879-Rev-Order-Sample-Quotation.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1B8swPxlgM2e5GdJBu4cY5UJU9mrQbmTv

Intelligence


File Origin
# of uploads: 2
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 09:22:04 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: GuLoader
File type: Executable exe
SHA256: e013766345fe3fc36669625205e1088b24b4c9cd5b42696cdcf3cd31d76c8a35 (this sample)
