MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbaaf4a20caaded35148803f10962ddbb81270216842b817d0a961e5be13c405. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fbaaf4a20caaded35148803f10962ddbb81270216842b817d0a961e5be13c405
SHA3-384 hash: a9ec338446aac8cfffa40460a8c5a9b91e135b3e6540196780620d4b558232ff47138e63b4c87e3b108c5461f20d1d54
SHA1 hash: ce15a5e751046552e5f00cf34a2f0ea42e55a241
MD5 hash: bab3d1881995072e584cab33fe5fcd3f
humanhash: paris-summer-low-monkey
File name:VP-XPE-S007-LT-002_SPARE PART LIST.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 09:16:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1d0ea4ac93484bff8a7ef2a545bdbe8f (1 x GuLoader)
ssdeep 1536:kP0xTU5fJpqQmJ4WdT5sf74FH4y8fLDyu0IVJWUTXE65n8SkDzb0:kP0ZUlPLmJ4A474FPkJd5ODzw
Threatray 154 similar samples on MalwareBazaar
TLSH D5C31823B0D85D91E91C1EB24C6755E79A23ED22BA901F1B770AF71C25361C739F832A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm86.hanmail.net
Sending IP: 211.231.106.161
From: 이태수 대리 <thlvkfl68@hanmail.net>
Subject: FW: [XPLE PJ] Project RFQ/ Spare parts list [예산견적]
Attachment: VP-XPE-S007-LT-002_SPARE PART LIST.IMG (contains "VP-XPE-S007-LT-002_SPARE PART LIST.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1FaIrcjvh13I-GykLsBIbuVk9NXRIJfyH

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4991/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:37:28 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
06ff22b8f0ffe174b0272b21ed6e0761671398e1c7a3e60dc0f5db55fa156193
GuLoader
09838078bc786269db65986e324234d647ff0154b07565e59bdf34f5f72d650d
GuLoader
33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a
GuLoader
3af2afa3c74278d68dad4e050909855198bc8e2603638effadf38221b6b976ca
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
668ec5b9759f0349cc79113c4d2bb62ebf2239de79532f97248b242df8608a3c
GuLoader
70e8b249ce476ea3ff1c233de9eef9b9f1e2ad1da22c1bb3e16acc20eaa0e9a2
GuLoader
a7cfec855ead8a33902aab33c3c217fbc6fe9fb372c4c8d0c1aec4b493736bf5
GuLoader
bd7d25a9958f0455c03a169c21ecba511a0ce5a43d528f8c3fdce782e4b31834
GuLoader
c52ca2d3f581c0f1149d3538a985bb896755356d0c00abc546c142accaf0015d
GuLoader
+ 144 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6a13m5mak2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 80f1056e75336a0a1ecdd8ecc9f09a80e7772e017ef97127f6f4e053c4e4170f

GuLoader

Executable exe fbaaf4a20caaded35148803f10962ddbb81270216842b817d0a961e5be13c405

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367850/
  
Dropped by
MD5 2f79681a85ce0753d7e66acad08edded
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 80f1056e75336a0a1ecdd8ecc9f09a80e7772e017ef97127f6f4e053c4e4170f
Cape
Cape
https://www.capesandbox.com/analysis/4991/

Comments