MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e80e2cf38bd72bd64cafaaaa0eafc2965bdda90feeb5c153947f81dcdb98e6d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e80e2cf38bd72bd64cafaaaa0eafc2965bdda90feeb5c153947f81dcdb98e6d0
SHA3-384 hash: f1440f7782f9a560b59b876a0f59f68fe71598b7e9e5a11665e653dc638b229fda7b9c012b38d14b6eefc18f26c109f2
SHA1 hash: 502ec8ee53a95893ae8996046687b6b28f244e5d
MD5 hash: 107e194b6ed20d592aaf844f6ce96721
humanhash: neptune-black-utah-seventeen
File name:20200424_PO1757611yk.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-07 06:41:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7f2211d95398885f88fd031a90e10c50 (1 x GuLoader)
ssdeep 768:q/J+BWO/mK1/YIH3rykAP4kNGnI5Bb6HhO7CMsIVdNQSNBH:7/mBM7yXP4kNbvbOWV
Threatray 151 similar samples on MalwareBazaar
TLSH FE93C3117EB4EE2AD25436B1DBA5F6AEC355BC301A328D0764C53A1E2F31E169C7122F
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm38.hanmail.net
Sending IP: 203.133.180.226
From: 씨맥스광주 <hana5744@hanmail.net>
Subject: 견적의뢰드립니다 - 씨드코
Attachment: 20200424_PO1757611yk.img (contains "20200424_PO1757611yk.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Fareitvb-7770369-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 07:31:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5ahcz44l24v5mtfpvkva5l6cszn53kip5224cu4up6a5zw4y43ia._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10e06d6dedcfa52bb09cfb066ed4b5276a6a60ccfc5a6230911ce04b829f381f
GuLoader
47296594a8ffd81843b838555873c6c129bfccd6c211c4033de7cf7523190bd0
GuLoader
623d2dced40110b216c19c5d48ecb250235278055ca3a7192ac98a8640d663f2
GuLoader
8d5a770975e52ce1048534372207336f6cc657b43887daa49994e63e8d7f6ce1
GuLoader
b32598815ea88a25f6459ae8b5035d0ed9c787d8fee5f124a24543c0550d9070
GuLoader
b4cb5e02fc90c85a8ec05d9216df64e392f416f6d6fc41366608920c9cbf2466
GuLoader
c829aa312e2ea1c043566e26517b2bf90e9c12ed68e9d7d24577ebc13f2cf3b1
GuLoader
c8b706bb1149005a7e27ee5f954ef9fc057d3d92197079dd3436c507dca3947b
GuLoader
ecd4eb939a0fbab100729b6833c67c9fa96416073bf36f82b06393fdd12dd045
GuLoader
f3b9c07ea611e968e7483b8828a480ff7b356a43eab344c984b37930c8dd6417
GuLoader
+ 141 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6ayanlfmex/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 12dcddc725d63958436e513bf353b784ef487d647af7cc92353783deb33f8113

GuLoader

Executable exe e80e2cf38bd72bd64cafaaaa0eafc2965bdda90feeb5c153947f81dcdb98e6d0

(this sample)

  
Dropped by
MD5 16799c718ee24d39bfc1e0837ef86d99
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 12dcddc725d63958436e513bf353b784ef487d647af7cc92353783deb33f8113

Comments