MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62f73fb22702076bbd04accc897fb3fb2c3b203048eeef1fd943571f027d5cec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62f73fb22702076bbd04accc897fb3fb2c3b203048eeef1fd943571f027d5cec
SHA3-384 hash: 04722741300f1d7dd46a24372eccc036ad8e1ba8384be321e250f139de2c4191bec9ed802269316f04c170d02a45e5e7
SHA1 hash: 3faa7ba4d8753b48db13ef0216d47e457b84d995
MD5 hash: 7c96113ad28b5cd2b2f0e7eac3e8910e
humanhash: fruit-island-fruit-butter
File name:e-dekont.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-21 10:32:09 UTC
Last seen:2020-05-21 12:24:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9fce0f5aa56a9b168adc0d2551a9da04 (1 x GuLoader)
ssdeep 768:SLVKSB6VJ0L6izTDaJGxD7JFt7g9/UqdMWfedCduhTnX8l1NwW58N4f/n:iUSBGCrzTDa0ddj7AIWWgdAXOd8O3
Threatray 228 similar samples on MalwareBazaar
TLSH AEA32B267DA48D63DAC049F36EAA87AC04AFBC7035154F0774D77B2D1A31A82E53634B
Reporter abuse_ch
Tags:exe geo GuLoader TUR ZiraatBank


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.avrasyarulman.com
Sending IP: 185.239.237.91
From: ZIRAAT BANKASI <ziraat@ileti.ziraatbank.com.tr>
Subject: e-dekont
Attachment: e-dekont.pdf.img (contains "e-dekont.exe")

GuLoader payload URL:
http://77.73.67.197/wext/n-bin_GuMUo43.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaCO.34122.gm0@a0iG1jii.1528.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Azden
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 09:47:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
007062a34e83708ffb082b43d65c65bb245a5dfb699bd7d455400c1ecf8ca9fb
GuLoader
270b7f2dfa665133fe2d57069e4654b4065d5d919e4b881ab28ec215273bf767
GuLoader
2c70b55a898ef83a75e8558047851e40d839b5a1c151b967797c3c4d2afd350c
GuLoader
37badb60f9862a09e36f6fbad57f97375fccf52cb00dfd2415e5887031753be1
GuLoader
4efb9c06d7fbfe766220885b9f1320589cf9ae96a900a935e2d1ef3cfa971a3d
GuLoader
7a760430295f2983742510a35642ce550c0bf4f8f9632f027bbb11de037126b1
GuLoader
a604cb5bd365ad6662b63b91c891d9af6c02a4fd89d29d6ad775d9401b31ac14
GuLoader
eedbb575580c9efc8e2a065c6713d388094d08b54d7d4e383ff7ee9446646241
GuLoader
ef5f67e08e4f10648a4002c0cb4a45a7480498d2d2f3ca02ab6c8561992c803b
GuLoader
f01984aa9f7805e8261655cfad5f92a5e06e48170d6a9fb41e5a2c22bfedec6d
GuLoader
+ 218 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-cdkt2akql2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 59b36e0c5d21af1d979d5d3917e6b446fb405dd64d2bee0821720be19fa6792f

GuLoader

Executable exe 62f73fb22702076bbd04accc897fb3fb2c3b203048eeef1fd943571f027d5cec

(this sample)

  
Dropped by
MD5 ba1b835b68a77fd80551e058dbf0641d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 59b36e0c5d21af1d979d5d3917e6b446fb405dd64d2bee0821720be19fa6792f

Comments