MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e4402badda18b6a4c832fcb22697a4847bb438350502975e764257027dc7f670. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e4402badda18b6a4c832fcb22697a4847bb438350502975e764257027dc7f670
SHA3-384 hash: ed65535508a71575a33e8c79d8b07efb3bb31f6894b0f5f17bd0708955b1b54f3d3367e9756c01b41128dda7ac508627
SHA1 hash: 1c78fb954887a7ebce58d683b6253fc258498178
MD5 hash: 1413548a26480c4ff16a00c4648c34bf
humanhash: west-charlie-aspen-high
File name:World health Contract WHEU004CONTRACH2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-02 11:27:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8499fc54aaba61125cc4b133e1837d32 (1 x GuLoader)
ssdeep 768:ZLhc7416N8lBR2zO0k8nG/0rw3KSgaBF556EQNLL4CDROJKkaRER5i:lFO8lLakDcQKSdBoxRDROUR
Threatray 870 similar samples on MalwareBazaar
TLSH 40734917AE08CA21D57086715CA3C7AE3F16BC0C49C65B4B355E6E5BFB32361AC4E21D
Reporter abuse_ch
Tags:exe GuLoader WHO


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: essentialoilmach.com
Sending IP: 209.58.149.66
From: WORLD HEALTH <kathy@essentialoilmach.com>
Subject: World health Contract WHEU004CONTRACH2020.zip
Attachment: World health Contract WHEU004CONTRACH2020.zip (contains "World health Contract WHEU004CONTRACH2020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1sfWp8qt8IqRnCBA0VlZaFqGcDw3hfOiH

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6125/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 11:37:47 UTC
AV detection:
24 of 47 (51.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4racxlo2dc3kjsbs7szcnf5eqr53iobvaubjoxtwijlqe7oh6zya._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2a058410467d9a9aca36e588d9e3a0436b90b949c352f05ace83aa244e2567a2
GuLoader
2c27feaca7c04d48cd54730df7e4c89dc200d18658fd78c6a3388a94f15dca9b
GuLoader
2c8251c9e4f2d470d79530e8a6e57f3a59216cf6366e97464d743d3f25e534cc
GuLoader
345ed143bf3a28f74de72fa62a271a67fb28ae04e6ca0fefa8eb09c7782dc3e6
GuLoader
36dfe939ec3ee8460a6277c78e8f360969f65cb970f829e407039f78d2aacbbe
GuLoader
4c83cd741a7210492c0146135bd247c08aac84ce75b26e520c1e74f806d71452
GuLoader
a8c03f50ff8217b8e4fe7e650360a566003875d0a943af2f2b3b895908872e4a
GuLoader
bbe2a604c11442ee74adb7fa17910ca8e5665ab463e4a45b478707faa3a284e4
GuLoader
cee8a845815daa1914a89033be9f89287fab6194e8b8b700ec058013d6fa8c54
GuLoader
e35d5297a515ddf23ac671f6110bb8f01a590e13d45dbeae5e96e0be414236b5
GuLoader
+ 860 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-5qh2el4mgn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

ede8bd5e8da02e7dbce1f161e8d691b9

GuLoader

Executable exe e4402badda18b6a4c832fcb22697a4847bb438350502975e764257027dc7f670

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/373375/
  
Dropped by
MD5 ede8bd5e8da02e7dbce1f161e8d691b9
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6125/

Comments