MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f473972f1bc6adb86928a21d4a7af08550aec0ca5c17056a95e830142a2e8f11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f473972f1bc6adb86928a21d4a7af08550aec0ca5c17056a95e830142a2e8f11
SHA3-384 hash: 8a133a83b530a6979b34a6afb4cbbcd0a0d15a9a854d4a52e7ab082018727700a52ebdaaa2a8c4c290322d8d52ac72de
SHA1 hash: 6f3cc9b1e60bdbf0caeeba7104944a7faf34e484
MD5 hash: faf9c7995ec88683c6b2330dfce2f083
humanhash: winter-robin-spaghetti-seventeen
File name:Rhourde El Baguel LPG Extraction Plant (REB Project) Rev 1.0.Pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-26 09:01:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash aa51729bc3ca6cc98850b0b3ca75a436 (1 x GuLoader)
ssdeep 1536:1spe6TUhW6I31UJClc4u+eyE5E5OoIKY:udA4/U0lc4u9yE5EOoIKY
Threatray 6'064 similar samples on MalwareBazaar
TLSH 63A329619BF87DB4F8F54FF15D7142188423FC620C669A0B21CAB52E5932F94CA7272B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.bgesoaeg.ml
Sending IP: 64.52.175.209
From: Seok-eun Choi<seokeun.choi@daewooenc.com>
Subject: [Rhourde El Baguel (REB) LPG Korea Plant / Algeria] Request for Quotation
Attachment: Rhourde El Baguel LPG Extraction Plant REB Project Rev 1.0.Pdf.img (contains "Rhourde El Baguel LPG Extraction Plant (REB Project) Rev 1.0.Pdf.exe")

GuLoader payload URL:
http://ogee2020.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_Xbibtw24.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5665/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.49876.6868.29174.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Ursu
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:51:00 UTC
AV detection:
23 of 30 (76.67%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
GuLoader
27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
GuLoader
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
GuLoader
3259355435f9e6a9b041b93c2faa1ad8a3867de478a436606702593e4e130dd0
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
a0d38e74310877d9ee7a4d0e75e25272adb25199527d19bc08c0f1ebb21f9ce6
GuLoader
a85f53a7ad2f536d245e47535007f2bceacfa10f08d7f3f6568781dd1794caa0
GuLoader
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
GuLoader
d159f3626adf62282b20470b72d2d93408da1cc30bdc4df23030fe77e2c992f8
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
+ 6'054 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-2dtktgnjzj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 960c94a921f8be7180ba83e1f2a749b2c9662db98f0e6d9ce3ae547fb2b44694

GuLoader

Executable exe f473972f1bc6adb86928a21d4a7af08550aec0ca5c17056a95e830142a2e8f11

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368696/
  
Dropped by
MD5 263912904a4eaed3a366a2ce1fa38b20
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 960c94a921f8be7180ba83e1f2a749b2c9662db98f0e6d9ce3ae547fb2b44694
Cape
Cape
https://www.capesandbox.com/analysis/5665/

Comments