MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0a859474803c2ba7687f71bdc33ed9296ef1a18920d6c3fb425fc30ae266826. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f0a859474803c2ba7687f71bdc33ed9296ef1a18920d6c3fb425fc30ae266826
SHA3-384 hash: 212fbdd6ca90563799afa1443f1f11de8006e3c7225901b2a402e4da39d831c7ac90236015d297e6e9f669034bca186f
SHA1 hash: bbd7a50968ba58e39ec0091936fa9677765beb8f
MD5 hash: 13b785d3509211baf690e42a50efb06e
humanhash: lake-mississippi-quiet-nine
File name:JIANGSU.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:61'440 bytes
First seen:2020-06-03 13:08:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 14ff8ebc7776959b41b5094d545d6a02 (3 x GuLoader)
ssdeep 384:BogOt8b7n5DkjTFkojJk/lWmthEpgsZ3GJmOVjXIJ37E2fP:+ltq7n5QjTzGImAfZ2JmOVjX+7E2f
Threatray 5'240 similar samples on MalwareBazaar
TLSH CE53D7337B9C8622D54846710D52DBD40F37FC7589A98A533C8B37AF3A726C49C6A30A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: MINGQI ZHAN <mingqi@yuntong-batt.co>
Subject: RE: PO# 0440086 - KUAN
Attachment: JIANGSU.rar (contains "JIANGSU.exe")

GuLoader payload URL:
http://111.90.148.217/maz_nWESMEvbsC95.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6287/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:21:05 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6cufsr2iapblu5uh64n5ym7nsklo6gqysigwyp5uex6dblrgnata._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2d15cd4ea7c6a5ff5f7f47acfedf52c6cb081a5791f8aa03a9a88636b58550ca
GuLoader
49fd1fd4167dc08352e383bd51337af9206603336040aadacc85fe5a9226ce6e
GuLoader
4e68480fbf23cd8b7efedd98614f1cd26032b955b4fc721e6622c62e4bb9f447
GuLoader
6c7d10402361556d564ce74e16a05024a4e0ad31da03b98fb69d4f7c0079730f
GuLoader
b26b6fd030ce29451797859444a1bd9e0a717b06a2909406e68edf183887632e
GuLoader
ba988eeaeef4b7e706308c40094dd0fe2146918e0386565cc2a14243e3f0aa69
GuLoader
d18ed67b05d0bbd6dfaba77a6053c92674bfef8abc8c7aae7c17f703adc6ea5c
GuLoader
d19a1337bd1fd3534eabbbdf6db6e402de9c2996edf3b4bae1bb10e85d7b5bde
GuLoader
d4943254bdebb92508362f26bd91da77d2aaecbcd73f086b917055c704a993a5
GuLoader
f46ea866a034694bb34ddd4207ae960a5e43390ca9f9ad58daf4d14c42dbbc79
GuLoader
+ 5'230 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-sty4b7ccrj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar a1dde9b2c42ccac6d2ee9b6dded0d5470eb0b4c1471d7a45e141e604087fdad6

GuLoader

Executable exe f0a859474803c2ba7687f71bdc33ed9296ef1a18920d6c3fb425fc30ae266826

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376020/
  
Dropped by
MD5 27104a9838195af723b3041c64c444f6
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a1dde9b2c42ccac6d2ee9b6dded0d5470eb0b4c1471d7a45e141e604087fdad6
Cape
Cape
https://www.capesandbox.com/analysis/6287/

Comments