MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a269358089c5d4852d4c43ce63745226d1b889620be5937125184569a379999. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3a269358089c5d4852d4c43ce63745226d1b889620be5937125184569a379999
SHA3-384 hash: 222ef948f093b4d4b1d32f8efb06ae3cb2bbcc907894df664c859ab52034d6f1137b271a172fdda8e66d166324dbee7f
SHA1 hash: cbd364b1550b597863573285a040d65654e10de2
MD5 hash: da26b25f2d6ef4aaddb565815bdada96
humanhash: green-six-neptune-eighteen
File name:dowód bankowy.pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-05-22 15:03:21 UTC
Last seen:2020-05-22 15:48:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 19b6b530142d1067449f05305a2ee9b8 (1 x GuLoader)
ssdeep 768:sznN2vd9EqWJfd++aRwKme8vrgOUn/9xTXXDWtJZ1BcRZ8DHyjnwrVXR:UnN2vdWFd+ieGrgOUDT2BzKwrH
Threatray 329 similar samples on MalwareBazaar
TLSH 55931822F190DEA2C8284FF10D76A6A85867FC3C59188B4770CE3F1E653294DD63939B
Reporter abuse_ch
Tags:exe geo GuLoader POL


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: techdata.pl
Sending IP: 209.58.149.73
From: Graczyk, Daria <Daria.Graczyk@techdata.pl>
Subject: Fw: DOWÓD FAKTUR PŁATNOŚCI
Attachment: dowd bankowy.pdf.gz (contains "dowód bankowy.pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1dsmROHC1JlAbWrI367jfmsm1WsShvxAX

Intelligence

File Origin
# of uploads :
2
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Netwire
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 11:14:22 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0211865d58af36be2009eb29a77a400355a4cb7b8542d6359a6fa304c3f7d935
GuLoader
0e3d83f664a5147b54de0323cf7319099cf4e214a074ba76c3cdc566f475eee3
GuLoader
396c67d17bdba56c29d4774991879313c236e9db5b9e1173f322d1bd3194edd1
GuLoader
5c8de7c3ff4d9ad542fe30c13e84cfe205122faefb6427cf7323298eb47ab0d3
GuLoader
6fd66c1d011fe7b8658211ad8990d9b06d23722a50c407675112ffb879043fa5
GuLoader
85b3b12892570a08fc7c60ad0f4788fb3a4a8d6a9b1cfdf79495b0586cc513d1
GuLoader
895e7e85e398a6bd3615a8453c1ed21979a2676fa84af0e53077635f812b64fc
GuLoader
a40a5e625d55583bfeb7d9ef900686a29dc3c6f580ca1615af7a2ad29f02761a
GuLoader
aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7
GuLoader
c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
GuLoader
+ 319 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-wzbe4nxtks/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 3dbd9a79854e2d7627a1ce5458f9c6a08c6df1aca17e02b6ac40c1a3e0f8df3a

GuLoader

Executable exe 3a269358089c5d4852d4c43ce63745226d1b889620be5937125184569a379999

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366789/
  
Dropped by
MD5 ba49e5feff5d7db00838af0fd108ccbb
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 3dbd9a79854e2d7627a1ce5458f9c6a08c6df1aca17e02b6ac40c1a3e0f8df3a

Comments