MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a1ccc4107466c1cc4454548d16cce5b1104177af32a60ffdf07d5af5f9141ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a1ccc4107466c1cc4454548d16cce5b1104177af32a60ffdf07d5af5f9141ca
SHA3-384 hash: e9068ac874280f038a9d6c2a630fc19c53dbde174763320986662e49a8e039f891c70f4729fdc1c9f73e67e04ee5cad9
SHA1 hash: de0c1a65f06aa9c1651f840458b46350405a93c8
MD5 hash: ed552a5a2ce960006ea5f715719df40d
humanhash: vegan-one-emma-uniform
File name:Swift Copy #05202020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:106'496 bytes
First seen:2020-05-21 08:37:34 UTC
Last seen:2020-05-21 09:51:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 397dc40d6624cbc792508f6ea59f15ca (1 x GuLoader)
ssdeep 768:0QcA2ZvWQYjAcM3pNzJIOFo7Q+GKHo9bA2RJNzcK6DpZ/GEbTDnJZNC:mA21l3pNzaOq7Q+G1Vl/KZ//Vq
Threatray 131 similar samples on MalwareBazaar
TLSH 83A319B3F9B4E960DB295ABC4D3186F8092B6CB44972CD4B74C6B70D18F3987B275206
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: alojamiento1.gestiondecuentas.net
Sending IP: 185.73.178.91
From: contacto@mesonjulian.com
Subject: Fwd: Payment Sent T/T Receipt Attached - Overdue Invoices Payment
Attachment: Swift Copy 05202020.zip (contains "Swift Copy #05202020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1whdZ1US-nWsLYqOZjaaHIx0ywlNSaqly

Intelligence

File Origin
# of uploads :
2
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.6933.5385.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 09:36:23 UTC
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jiomyqihizwbzrcfivenc3golmiqif326mvgb767a7k26x4rihfa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
11124347d4a19a4f709bb4ebb2f9c12873f4f079ef3d5e60e18fa9a975302c70
GuLoader
20450686b8930d7bdd00981e6766d1c7c51fbe06f4e3f8e32e29fa4cd8cdc307
GuLoader
2514cc0d95a79227b308e5834eb780ba105109fcc7fc02fc11ef3a03e61cac46
GuLoader
30785da049b13f1cd228be54f6ce25d801f3fc4890dada9464830e078df7cf94
GuLoader
42895dc552049d3cfd80ced83d8e2fbfc30adc3799e3748aa5f9e7df32373a58
GuLoader
4408001ae2b6c11aa2c25f77fea7d8c2118d7eac3f8409246be40b7549b408d0
GuLoader
9b4235ad000e2c60ee36599e355a2f7102a4b943db1075e02ff1036c0bc0ccda
GuLoader
a58514d885d493ebb627f107f0a3ded181311e153038fdc1626323bbea512f47
GuLoader
ca9d9bba55a17ac5f0a879efb36f842d2068f0c9844fb8e1285156cfb720d740
GuLoader
dd87e9c01a0bf9cc9e8df91cde201e7993643d877029edaa053dda0dd916515a
GuLoader
+ 121 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ccwj43gp3x/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip bbb17c690cc4044e159a01418d7a5fdbceda7f2ce3bba630cd5ec2e05e00d4e1

GuLoader

Executable exe 4a1ccc4107466c1cc4454548d16cce5b1104177af32a60ffdf07d5af5f9141ca

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365703/
  
Dropped by
MD5 33faa4d72e2ab3725b827576729e9ad8
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 bbb17c690cc4044e159a01418d7a5fdbceda7f2ce3bba630cd5ec2e05e00d4e1

Comments