MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8aea93df30f3e8bd0542030dc4c31c561bdcd1e176a9835372a7d3508750ccf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e8aea93df30f3e8bd0542030dc4c31c561bdcd1e176a9835372a7d3508750ccf
SHA3-384 hash: c321be498a1455fded7a7bc99594064c6e10cec243dc6d50a793e224bfebbb29e2fa34d2bf2d37f830a37260d1839b64
SHA1 hash: ef0a5f323bb5a924016a444c42f255ff260c4793
MD5 hash: c93aa724405749dcb8c009bee68d64f8
humanhash: nine-virginia-three-venus
File name:Scan Docs_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 13:15:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ed7285e371f11f4d434f7e36bf7e274c (1 x GuLoader)
ssdeep 1536:yENm45eGWEum3ixAlPMYZJDMpTM16JYjTfl7DxYh:VNm453um38wvbI0rl7tYh
Threatray 440 similar samples on MalwareBazaar
TLSH FE144A25B766DCAADBC040F0D8D1C5F81971BC20DC274A6B72C1BF2E357A5836D6A322
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: hosting.comfrel.org
Sending IP: 162.241.208.147
From: ROKONMA (S) PTE <azlina@rokonma.com.my>
Subject: Please send me price list.
Attachment: Scan Docs_pdf.gz (contains "Scan Docs_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1znNEgGZFb1EJ4dpSjSaD4eJjLNVa30r1

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5856/
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaCO.34122.lm0@aC1B23ni.17131.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 13:38:19 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
10 of 31 (32.26%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0afe73609922b94ffb25f673db3b621befab30c7f52cd586497b63f8154dbd6d
GuLoader
1da069d39e2e88c624698760567c4019ca2de990b05c429be843355a0531b51a
GuLoader
396c661ffc736d98af8dfbb324b5a67ec3feb379579969b22b6ffc61d60e4ef4
GuLoader
504cd8dcf16b6e6b55271ef9bcd8603916ec5f81fdeb0615e3c970954d50a7f0
GuLoader
7eb79aa85e80bebf0a52217d26985acb5ff2f594e9f3e0b07e210d7963c2dd4b
GuLoader
a7187cba00f1ecf7d0ce8758c9376610eb513869152e7b4bd28e711f6b440053
GuLoader
bb2faadcbc0d7c66a84bb763e34cc811194f21a2222541a62fd1c0d9d3ce6c42
GuLoader
c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
GuLoader
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
GuLoader
e0c1fb97e28bc9944bc045ee772dd8da34a985a9e410764734eacdb35429cd1b
GuLoader
+ 430 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-m6z8qp9e12/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 14814990e7c554b6e7ffb8da016007705c9d330420a7bf1098e4b21ce25c068f

GuLoader

Executable exe e8aea93df30f3e8bd0542030dc4c31c561bdcd1e176a9835372a7d3508750ccf

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/371068/
  
Dropped by
MD5 83cf69f9d204e90b7992e75578e3e5cb
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 14814990e7c554b6e7ffb8da016007705c9d330420a7bf1098e4b21ce25c068f
Cape
Cape
https://www.capesandbox.com/analysis/5856/

Comments