MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3bc915766b79fb4fdf2e636cfc46b1df5787c2fdc11fb540a65cdda079f5bf1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3bc915766b79fb4fdf2e636cfc46b1df5787c2fdc11fb540a65cdda079f5bf1f
SHA3-384 hash: 6abd7c48da7d662bba45ebaf6288e5b1b790948922f88ad8bf2bfffee3c7deef05c191df3480d98c96729f1d854e095e
SHA1 hash: 1e617f070c0ee6b99b9d93daf6176d51530d8397
MD5 hash: 7b8482b74fe76a3016b4d4016fe47047
humanhash: earth-colorado-shade-papa
File name:Extr.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-22 09:59:45 UTC
Last seen:2020-05-22 10:52:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9cf6fa849a525ad512a8cfbb595265cc (1 x GuLoader)
ssdeep 768:fYE9koJ0beC7pzQJuHKek98qtZmcZOhvktjz3N8BuWoOlho6C:wE9VMeC7q0q18qtZmcohvkJahor
Threatray 5'158 similar samples on MalwareBazaar
TLSH B7932C21B566DCAACD448EF289D55DA8267BFC313D040E0B33857B2C7933EC25A6635B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: victor.r1host.com
Sending IP: 176.9.32.34
From: IMPORT-EXPORT SALES <Sales@symetrix.co>
Subject: UnPaid Proforma Invoice/Balance payment
Attachment: Scan DOC.001 (contains "Extr.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1l6VU05eHD17sFQqbelVRsD-qw6504o9V

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.48513.13623.13683.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 10:36:51 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
03d585ea89f4e62bc18d42d1fadad0b02faca6d68c831e79fb542e9efd183f7a
GuLoader
08fd08ac92e87f077dfa77ab5cbe48dccb7ffc87cd338a6451b884d42fa6306b
GuLoader
0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d
GuLoader
26578480a0124210e78362e63cb2fb0d2998a47e6b1d8f43cbe787caba1ac5b6
GuLoader
29bcd4f06dd92b104f47acf511a47742f03d7eca0321ad099c964954416f821d
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
5fbfcfd0538505c1cb82e54b55461e7542a403b676b36a2500734f89b32bf2c8
GuLoader
9da0df6eb709cee7468a850c0b59914ca84eeace25bea74ed6d393e0e5e84737
GuLoader
d3664113994262962936ebe74d0355986970def0cd0bcdcf088fe102047df9ba
GuLoader
d7dda9d5e3557a57d63b4fe02c26f03f135e4810bfd2fbe9b44f5190384385ae
GuLoader
+ 5'148 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-kmjkes5y26/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar eff0f30965663744ad00474a5a016d9c5134e6b49c42cc55a5f87a6cda682a7f

GuLoader

Executable exe 3bc915766b79fb4fdf2e636cfc46b1df5787c2fdc11fb540a65cdda079f5bf1f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366493/
  
Dropped by
MD5 1342f7f488f048184c448ff7e663b89d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 eff0f30965663744ad00474a5a016d9c5134e6b49c42cc55a5f87a6cda682a7f

Comments