MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c70b55a898ef83a75e8558047851e40d839b5a1c151b967797c3c4d2afd350c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c70b55a898ef83a75e8558047851e40d839b5a1c151b967797c3c4d2afd350c
SHA3-384 hash: c757605ef392ea398434866ae3762f454598b15660d6af69ad4f918778215634763a341d2993a4b00ac10cef4085c165
SHA1 hash: cdea4c661dfa935b77c31d8c50aa6a4153c96baa
MD5 hash: 62f481a96a68ecbd6dec71118f00bf51
humanhash: lamp-steak-robin-nevada
File name:enquiry.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-21 10:28:55 UTC
Last seen:2020-05-21 12:24:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 08828d8836d22315ce4a3e0f6b1ac88f (1 x GuLoader)
ssdeep 768:19tbd/xff7ebfF3gYIpqB9zLllqrlF1vyvcq90EjrE9IoVKEOnsDVapauapX/t:pd5fDebfF9B9PllqrlF1kIEs9oRneGA
Threatray 555 similar samples on MalwareBazaar
TLSH ACA32A72B5A49D32CA08CEF199654F68206FEC7536134F4760CB772E2533A81F5293AE
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: eim.ae
Sending IP: 37.49.230.137
From: Sales <alsaqr3@eim.ae>
Subject: RE:URGENT ENQUIRY
Attachment: enquiry.rar (contains "enquiry.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1EmsEsT-0m_rXdCbtg9qQaRpoFlwosSYr

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Malware.15264.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 10:36:47 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=frylkwujr34du5pikwaepbi6idmdtnnbyfi3sz3zpq6e2kx5guga._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1863d7653d364f73e1690e3e6ac086b070db17f588ca38db0111b58ad5fccbdf
GuLoader
1dccde0289f175d1d41140302e71242ae0ea250bdc580767256da69f7cb319ff
GuLoader
2adb6be5546acb42c8717b93181d13b7b174f5b13529921c5a0f72d4bd356f4d
GuLoader
4da0526019c843ade96399a33f2a5e9a9d8e415d69859ee8c7874439956c131c
GuLoader
5aa9861dcb5890caaadd311b1eed80e2ae65bd0d46937cc3bdee4757da908fc6
GuLoader
67283e72feeed3ec5c8b7314fd13fe8936a1bf2bc8bde5fb54048c630a57598d
GuLoader
8657ccc1d28108a1b54a3daa4d72f80447da75c74c51726d5f4e9cbc14efff77
GuLoader
8ab8e638e67326a2635951855e466a9df0a3c699da6a51c7feedb143fbc8a6bc
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
fc6e4e6dae2a913cbaf3d495ab6508f01660f1cd6a1b20a84105776c8f65a090
GuLoader
+ 545 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-y2yqcskasn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 02c7bfc89dfef4cfe2d899cda6c83dcabdca9307db8f361a8dee511eb278031d

GuLoader

Executable exe 2c70b55a898ef83a75e8558047851e40d839b5a1c151b967797c3c4d2afd350c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366141/
  
Dropped by
MD5 5d0b949d10c388bf2b5549573ccadf2c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 02c7bfc89dfef4cfe2d899cda6c83dcabdca9307db8f361a8dee511eb278031d

Comments