MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 314c3caa4b1a6ccb17a7348cdf0ac7577a6ccc595a4d6cc0f9abcde2befc58d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	314c3caa4b1a6ccb17a7348cdf0ac7577a6ccc595a4d6cc0f9abcde2befc58d0
SHA3-384 hash:	b6644bbaec5af665634d3dda8e49a6cf014b49b6e4dcc9241811ee1eebd694a3233b1bed97e188cf70f89a6196a17ae0
SHA1 hash:	b359f2c63364264896fa7a49367daf7879803eb1
MD5 hash:	d1da99d9f2d055e18f05e121f44883e1
humanhash:	butter-fourteen-east-quiet
File name:	Detalles del pago.pdf.bat
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	94'208 bytes
First seen:	2020-05-23 11:53:07 UTC
Last seen:	2020-05-23 13:13:08 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	a2dfe4eb0644a1cd452aba3a2ea2c7b1 (1 x GuLoader)
ssdeep	768:A5op+N6/5vp2Y8xf/7Je71vbXwWTcivZX1rJnHv8MroWgD+7s:coEe4FA1vbX3wivPtHjBgn
Threatray	378 similar samples on MalwareBazaar
TLSH	67930A61F060D9F5ED218FF29A3A96E058AB6C3119128B0370DDBB1C3D7370DAA5635B
Reporter	abuse_ch
Tags:	bat GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: aa98419.online-server.cloud
Sending IP: 74.208.129.40
From: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coreptec.com>
Reply-To: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>, Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>, Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>
Subject: Re: PAGO ATRÁS DEVUELTO TT (Ref 0180066743)
Attachment: Detalles del pago.pdf.gz (contains "Detalles del pago.pdf.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1GHqRKU6aLAanHCqSOCTqnW3k_uhA0-Md

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.DownLoader33.44992.20325.174.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-05-23 01:02:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 31 (80.65%)

Threat level:

5/5

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-xkcl5slnp2/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz f21a7ec0957e8b8e17b1e52716ad11a70dce9ddccbd56e52687209afa7205c3a

GuLoader

exe 314c3caa4b1a6ccb17a7348cdf0ac7577a6ccc595a4d6cc0f9abcde2befc58d0

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/367156/

Dropped by

MD5 da1472dbc368d0f5dabd746736b118d2

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 f21a7ec0957e8b8e17b1e52716ad11a70dce9ddccbd56e52687209afa7205c3a

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample