MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50e217d5fb7b641b16f5a7f04d830f60e35720c81ae8010981c4c096751a6268. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 50e217d5fb7b641b16f5a7f04d830f60e35720c81ae8010981c4c096751a6268
SHA3-384 hash: 2cc986a03dc790609f9dde72b252cee92c23bb1f970b966dc6e741d1268416f7944594c44733b43468b6bc716526d015
SHA1 hash: 830d749a62755561fe2990ee3015e0a60af4ee67
MD5 hash: 7925673f20fbba60dff5503c880c8d99
humanhash: mobile-beryllium-oranges-lamp
File name:Invoce.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:57'344 bytes
First seen:2020-05-28 18:05:55 UTC
Last seen:2020-05-28 19:01:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 780df032ed53e631f048dbf010f7c75c (1 x GuLoader)
ssdeep 1536:6+fm+pVXqIBhZxSB0SudeAvdkqeAkyINVKkU/Rz:gSq+HdheqeAYNVxUF
Threatray 5'136 similar samples on MalwareBazaar
TLSH C9433A17F9A80062F34746701E5589A13A3ABC753931AE0BB346FA5D2D34A83B4F572F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.sunhilltopvilla.com
Sending IP: 66.45.250.72
From: jana<work@sunhilltopvilla.com>
Reply-To: work@sunhilltopvilla.com
Subject: AIDC Invoice 038652 and 038653 QSB-18-1547
Attachment: Invoce.lzh (contains "Invoce.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=02E98840A4C9FD6C&resid=2E98840A4C9FD6C%211172&authkey=AEcgmc__P8n8irw

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5884/
Detection(s):
SecuriteInfo.com.FileRepMalware.3676.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Azden
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 18:37:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1789be535367afa0097be7d9ef6c90523df01d10e40b712ed0ead826b46e99e1
GuLoader
35581eb6b7b958bfd5a21f192571f5adeeac39295de4ce29bc16bbb57480ae80
GuLoader
4cc50598ab30ac06a20ce6a6a56deedb59ecb519a814ac791b194f49b63a7daa
GuLoader
6830866e2d41b970c95172f9a156522c72cfd238f846c02c19827b2100fc5deb
GuLoader
9c0d3c463792d704909de3a04cd7a6d31f8094301e8e24950af31cdc5e9f2838
GuLoader
b3349406861e76bfb84f4757a646c3fe94eb5e1cd27abeeffa48aabb6c8fa4d5
GuLoader
ccfb3375ab05225fa22bce51864a9fcdfa3b73d09a207c10a6f60b23dd05661a
GuLoader
cf5a86737ab13ec2ea858e0d7c635c3a3c79d1deda05e79a81dd1b470dcb0942
GuLoader
d810052504c453dbe0b0960c1f818146afce0c24f793d37e35ca806d8458d647
GuLoader
dcb0ebc1f45c4de45babb921e77c6f9d3e62c9071fd5713f6ecc064f6784fe6e
GuLoader
+ 5'126 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-tfcvvmzz6j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar df1616ab476cf594ba06aa5b0b6f03a249545e6b383c871effee0bc7bd4d2212

GuLoader

Executable exe 50e217d5fb7b641b16f5a7f04d830f60e35720c81ae8010981c4c096751a6268

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/371342/
  
Dropped by
MD5 3bfa4667e45e971b54f1e1e6ee88d501
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 df1616ab476cf594ba06aa5b0b6f03a249545e6b383c871effee0bc7bd4d2212
Cape
Cape
https://www.capesandbox.com/analysis/5884/

Comments