MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdee0aef0be932935554b59899df6f51b2caea4d730ca1179158c15f62a9ccf4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fdee0aef0be932935554b59899df6f51b2caea4d730ca1179158c15f62a9ccf4
SHA3-384 hash: 32f11c361348a7371ed4d4955f50821ddbf0ebb9c07dd9cf0af33d683157490eb336e38238a7d00fac02ea246843c8c6
SHA1 hash: 3bc038668b19b9f01d1f8b42fa1f8d380030e4c5
MD5 hash: 92e05001d1174afd602dafa351a5762e
humanhash: quebec-glucose-black-one
File name:20200528.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:06:53 UTC
Last seen:2020-05-28 08:22:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 957d023f39e262bd1da9dff6f1ceb18f (1 x GuLoader)
ssdeep 1536:HlNy82gwnfrRNnNk2+bXKsHcaVvySXY3slj1tCFtTxn1TqiLaSTzH/pUuDiKh:FN9+frRfk2qhljmRBqANh
Threatray 198 similar samples on MalwareBazaar
TLSH 0F143926F696ECB1D7450AB0D8D6D4F80521BC11C9168E2776C07F3EB27A093ADA2737
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm86.hanmail.net
Sending IP: 211.231.106.161
From: 권성록 차장 <neochem3@hanmail.net>
Subject: Request data list
Attachment: 20200528.IMG (contains "20200528.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1YACSs5zX5g0eOijy1sh6MZEqXSYrwwPJ

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5800/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMDX.10821.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 07:38:15 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
13277d505db31b33c1c62936da1cebd942555d66b1a74edf5a44336d62117221
GuLoader
1d4bd4bcfe5f31f317eabc6780b91c1499f4dfc22025cfa6eeec3bc188207dc3
GuLoader
242048a88fe7eb08cbd3de9cd13d0dad6f532bd8f85fdd8dcee59d7289f6c9ab
GuLoader
2a4737c791956f7c020af62490a855297096797a632a39e493ddf19365916456
GuLoader
4dce60ed857ab264ba4db32dfa8a3f4b3e6cc1d94cb2cb48bd33a98f9bf9f692
GuLoader
7cbc380c05ce0b8e7ff6c94ee11ac6aec99adfb14e530f43d895af660588e984
GuLoader
84f409f8aee0cf253fba68ae4027348449045f7bfb8723ac8fe0336c21c0b0f6
GuLoader
9848da60b74c19523583a237900008a3fcb268a9a4000c352f944f7d9f0d78e3
GuLoader
d44e6b767f7bc663a04cb2e952e202eee52f0914a35115fa8129cee1228a31f3
GuLoader
e63df6a7f5c2a30456c884959644745ee0174df416492324c5ee31635958f855
GuLoader
+ 188 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-lk32mqlj4s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 9af3cd6fdfa206799fff5e927f1b55a4fc1ab7492ac8b1ad4ecccb2baec28ebb

GuLoader

Executable exe fdee0aef0be932935554b59899df6f51b2caea4d730ca1179158c15f62a9ccf4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370273/
  
Dropped by
MD5 aa0d29df5854b451735e9ffc6cb0dcb6
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 9af3cd6fdfa206799fff5e927f1b55a4fc1ab7492ac8b1ad4ecccb2baec28ebb
Cape
Cape
https://www.capesandbox.com/analysis/5800/

Comments