MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8f0dd4a951cb42729e34171301bf46bd708a8c1c1c0b5b7daf2ed9036b97cca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e8f0dd4a951cb42729e34171301bf46bd708a8c1c1c0b5b7daf2ed9036b97cca
SHA3-384 hash: 1a58f16bbea9b25b723415ae75abd451b9c5b0ba7101f72ac6f51dbca7f31bd87a0af8d9101790b5e312d6083fb308d5
SHA1 hash: b14e6ca055c964927c843024edc8b3bb98f7c767
MD5 hash: 080e97164bbdda9d0a1d3862cfea641a
humanhash: muppet-foxtrot-quebec-juliet
File name:CEMENTOS-DOC.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-05-26 07:18:19 UTC
Last seen:2020-05-26 08:15:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash feaa4225deee18a17e72864b60b0b3f8 (5 x GuLoader)
ssdeep 768:cA9i/IVkdq7I93nTMBoeUmYSElQbMsY8JhGO1An7DbgYEqlh:cASljM/UmYxlQbMsYMnin7DEYEuh
Threatray 5'319 similar samples on MalwareBazaar
TLSH DA533A5AB6F8D877DB8587F21F309BDA0597FCB21812C9076524396F1A37E42CA2134B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: kfistudios.cam
Sending IP: 111.90.158.131
From: JUAN ALBERTO URBANO <grencia@cementoscauca.com.co>
Reply-To: hinduhyog2011@gmail.com
Subject: QUOTATION INQUIRY
Attachment: CEMENTOS-DOC.rar (contains "CEMENTOS-DOC.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=19OO8JKe7-QMcKpDw9hJhOie4KSCzmdVC

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5595/
Detection(s):
SecuriteInfo.com.generic.ml.28006.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 07:36:39 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
20 of 31 (64.52%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
83968322ee41293c915a37779c384b39d1a0429303ed831291da984e7ff6877f
GuLoader
9847005465ae681d1d9533697106492027a1d55b64b0ca1b6f2a79730a5140a4
GuLoader
9a1bbd02f1dc5ae62f13a00f38067354bf8a754e72e3ebee49a8b6aaa7b7e41f
GuLoader
b3a1b2c34631ea7174675f09e243ec00136cf9b7f585d97d1a85539ee7f279a3
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
+ 5'309 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-755p5b5jje/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar f05839f9f0964e9a01e8524efc20ee738fd4c0118ff95d232c2c80e6af5c6bcd

GuLoader

Executable exe e8f0dd4a951cb42729e34171301bf46bd708a8c1c1c0b5b7daf2ed9036b97cca

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368700/
  
Dropped by
MD5 aceb42f34a34114012c7763d4e9ff357
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f05839f9f0964e9a01e8524efc20ee738fd4c0118ff95d232c2c80e6af5c6bcd
Cape
Cape
https://www.capesandbox.com/analysis/5595/

Comments