MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e45b4d0e0b338b2a3875466e875b008043acf8240da0d6caa2ec14d13c02fe41. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 4



SHA256 hash: e45b4d0e0b338b2a3875466e875b008043acf8240da0d6caa2ec14d13c02fe41
SHA3-384 hash: 00d67541887113aff1f89cd2cb054f653efc6fad5606a15e123c0aa9fe15710bee75b641e57c362355e5ae06f8efdd99
SHA1 hash: e28c607306090b9460af1e5c328150fdddecd02f
MD5 hash: 8e3751d6aa2087f8e2445d968281ae4c
humanhash: ink-echo-mango-artist
File name: wire.exe
Signature: GuLoader
File size: 55'000 bytes
First seen: 2020-05-26 09:15:24 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 02f5282297f61d7beee6055d5fc791a5 (1 x GuLoader)
ssdeep: 768:FnFuTvqbki8sDImD6IHPPf5yj0J9PtfnSS/IrHgoNYADl+ih/:hFuTy18PIHP35ew5td/zADd/
Threatray: 5'120 similar samples on MalwareBazaar
TLSH: C43307E0F5F4503BD273CE70CE32D5F801BB3E7C6A09945B1A6074CB0A79A09E56962B
Reporter: abuse_ch
Tags: exe GuLoader

Code Signing Certificate

Organisation: BLUNGE
Issuer: BLUNGE
Algorithm: sha256WithRSAEncryption
Valid from: May 26 02:31:17 2020 GMT
Valid to: May 26 02:31:17 2021 GMT
Serial number: 00
Intelligence: 325 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist: This certificate is on the Cert Central blocklist
Thumbprint Algorithm: SHA256
Thumbprint: 7C488EEC59959D1EC411F025EEEB18F7603E13C6013E454D84EBFEA2D16F022A
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


abuse_ch
Malspam distributing GuLoader:

HELO: mail.huclangia.tk
Sending IP: 64.52.175.227
From: Paul Runyan <slim@huclangia.tk>
Subject: URGENT REQUEST FOR QUOTE
Attachment: URGENT REQUEST FOR QUOTE.img (contains "wire.exe")

GuLoader payload URL:
http://37.72.175.206/bin_QxtrNnsvE191.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 09:37:22 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 20 of 30 (66.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
Executable exe e45b4d0e0b338b2a3875466e875b008043acf8240da0d6caa2ec14d13c02fe41 (this sample)
Delivery method: Distributed via e-mail attachment

Comments

CAPE Sandbox commented on 2020-05-27 10:16:00 UTC

#Formbook

https://capesandbox.com/analysis/4990/