MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3aa51ec61736aeeb1f90d430d696ee1c27ab773afec909da129fd171ba895f3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3aa51ec61736aeeb1f90d430d696ee1c27ab773afec909da129fd171ba895f3e
SHA3-384 hash: 2bf79e8f980385fd348a38cc2858fe2ba07434e9887437a5d2b5d010711525495a9b7aea3d5824c9b153c4262784201a
SHA1 hash: bf4ddb4acf63730feaee788b26fde31d43c63a60
MD5 hash: e87ae69bf935653aa7a6f37b443af7bc
humanhash: cat-tango-charlie-magazine
File name:Quote_98045300_76873342.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 07:38:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 13453cf5c76d53a3109f9b087cf3e637 (1 x GuLoader)
ssdeep 1536:9Ni4OTMsf5SOhMfkUhxpkJdjDCwQW0T5p0RVqv3:9NiqASHFpk7jDCwQW080
Threatray 262 similar samples on MalwareBazaar
TLSH ECB3E5137AD8AC85E9065EB15FE0AE780E3ABCB91C610F07754FB74D29361895FE034A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: outlook.com
Sending IP: 103.89.88.225
From: Nguyen Thi Kim <seyekozoko@outlook.com>
Reply-To: goodluckfresh@gmail.com
Subject: RE: Quote_98045300_76873342
Attachment: Quote_98045300_76873342.zip (contains "Quote_98045300_76873342.exe")

GuLoader payload URL:
http://hosseinsoltani.ir/wp-includes/build_IedqfEnQId16.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5635/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 08:40:19 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
31b85fde884193b976d6cae2209bd2c95f13d6de5d0ff4206612a8768a0c65d6
GuLoader
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
GuLoader
5a8995e3a1c868d8f0b0c0840da1909c7fc2240699ea41a35bb04f7f8b04c9fd
GuLoader
85da31a80a4d9abbb63b08026620b12410c1865fdc8399c283af3bbfbddfd4f6
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c4b5846ab10b6ac87f6f176bcb8a3f76a720628fd8b1aa9d7c1f603192f67bd0
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 252 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mpyeqs824a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip c6477d3fb83f09d92d95e78550f55f28685e4b7799d2b9b64eec0db79fe536aa

GuLoader

Executable exe 3aa51ec61736aeeb1f90d430d696ee1c27ab773afec909da129fd171ba895f3e

(this sample)

  
Dropped by
MD5 ed57af93099c8b46c6f168ec30d36d2d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c6477d3fb83f09d92d95e78550f55f28685e4b7799d2b9b64eec0db79fe536aa
Cape
Cape
https://www.capesandbox.com/analysis/5635/

Comments