MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3600e2ca432c06f2c37d370e2a70adbc1ed32e35ebfd177f1d7b09e0ceefcdd4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3600e2ca432c06f2c37d370e2a70adbc1ed32e35ebfd177f1d7b09e0ceefcdd4
SHA3-384 hash: d1ddde2377bdb25ef4fe2c89397984e5e2d0cb740b152d62789129406b932374c3da433a17140473b978bf2887979b51
SHA1 hash: 76239b46bbff37e5c566894dea59cde8dc31992a
MD5 hash: f39b5041de05bcf2373304dec04ac535
humanhash: maryland-social-oscar-quiet
File name:7734_PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 16:45:07 UTC
Last seen:2020-05-27 17:49:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash dc6797d0b0d96483269377ce9b9f4fd1 (1 x GuLoader)
ssdeep 1536:jVYgI66I8c8yfTTTT28G0lOOtividyVg2N4KxMAm0k32r3Ae:NI6r82vS8GmtSRN+Azo2L3
Threatray 331 similar samples on MalwareBazaar
TLSH 5BB3190B75D69CB6FE388FB21C71E5949E22BDB93D105A037187B78E25722C9386035B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: min.com
Sending IP: 173.82.106.230
From: gislason@somers.com
Subject: T/T Payment Details May 27, 2020 (EUR)
Attachment: 7734_PDF.arj (contains "7734_PDF.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=17BGAibz3JJeoCj8GqP_5-blKFqBJOovY

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5724/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.50053.16811.19463.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 08:10:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 27 (81.48%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0a1a06e6295b998e4bad7a627623b20ca2cf4a2aad41276c8887877553c14996
GuLoader
4c841c5e0c2382fae670d7f41f7a75f8d8b2c1a03ff7d7c31eff98c1d9912308
GuLoader
4e14841c96a09f5850d1cf5fcb3526714c22d7174e3f75c8a309d8db36ecef93
GuLoader
548a7b8c768e9f1a1911b4cdbc902dc388e74e31393825ac29704cc7edcfcb6d
GuLoader
5a5b328942673d86edf79078433db7e953cb5665087b33f1be3b463fb775ddf1
GuLoader
6e4b858c8b34deac90ecc0bbf4d6480ee0815c7588a192e4ee30eccfc8bda290
GuLoader
705359998910a71e56cde4f359ad4ae767d0182b45f46615ebcbaa969fe5c5c5
GuLoader
a40f7767aa2fd1c3efe1fc0f0178088d1640d1a2fd5b4d4b075f8bbff43ccfd8
GuLoader
b00ffbe33a4398cdfdb136564f24dfd6ff292b11a9adbc4041aa2a532af6edfb
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
+ 321 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-c6rvwtm4m2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 018b2bbb71bef5181a78597a73de9714e9ad813900e6daef155ba507596929b6

GuLoader

Executable exe 3600e2ca432c06f2c37d370e2a70adbc1ed32e35ebfd177f1d7b09e0ceefcdd4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369909/
  
Dropped by
MD5 9ec447385f28da5892a3d6cc015725f1
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 018b2bbb71bef5181a78597a73de9714e9ad813900e6daef155ba507596929b6
Cape
Cape
https://www.capesandbox.com/analysis/5724/

Comments