MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed1148a724d239376a2f9564f23ae474c2f862d9d4e2b8706d955db399cf28f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: ed1148a724d239376a2f9564f23ae474c2f862d9d4e2b8706d955db399cf28f7
SHA3-384 hash: 2b3742a17b4de2d9b815c554c6a6eb14c5ac1ae89ea43321d0f696579c1428fd60851e9c19e3b9fe885ed147d16ca28c
SHA1 hash: 41914f4eec91b5c7c1335ae065d7d87990aba2b0
MD5 hash: 763005b16d50b6928c4efbd890754c09
humanhash: venus-vermont-magazine-november
File name: file.exe
Signature: GuLoader
File size: 110'592 bytes
First seen: 2020-05-25 13:22:01 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 293bf969a8bb7ec7697fbdf4d3c70472 (1 x GuLoader)
ssdeep: 1536:bl9n6qN2j2hfOVnkAq50AoriCk7n92Bvv4:J9n6qlJOlkheAoBkBb
Threatray: 5'117 similar samples on MalwareBazaar
TLSH: 3EB3E6137AEAFC91ED164EB249D2ADA80D36BC201C505F4B721EBB1D193B5902FB1736
Reporter: abuse_ch
Tags: exe geo GuLoader KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm32.hanmail.net
Sending IP: 203.133.180.216
From: Charles Kim(김현철) <t2963@daum.net>
Subject: 견적요청서 송부의건 (Korean: "Regarding the sending of the quotation request")
Attachment: file.IMG (contains "file.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1K4-CGVEYzdkwxrvRrCnPp6QMsL8Vb8-m

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 13:37:11 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 31 (74.19%)
Threat level: 2/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
Executable exe ed1148a724d239376a2f9564f23ae474c2f862d9d4e2b8706d955db399cf28f7 (this sample)
Delivery method: Distributed via e-mail attachment

Comments