MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7030c2032fc9a3b15dc8720636f25403873ca65156611b7ccaa2928d716874b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7030c2032fc9a3b15dc8720636f25403873ca65156611b7ccaa2928d716874b3
SHA3-384 hash: d77578080c5f95d4c6a7bcb65dc13db04186c6f5a99982dc38528e0420b9a570000ebc76f8267416a6395d20695e0fd9
SHA1 hash: 49ba19e77e13ad59a094ef99745eba13950811ef
MD5 hash: abcccb20b527fcbcc1f27c3380b4e6d5
humanhash: lake-king-burger-oven
File name:viospiral ORDER.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-05-04 21:22:22 UTC
Last seen:2020-05-04 21:51:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash df2474764f6756f144ac8ee0803135ad (1 x GuLoader)
ssdeep 768:eLSv2rw7MVlPfVIYu/59NmanvRmJubPQ0R5PL4Zt:nsBVltIYu/59NmgRmJubxR5zc
Threatray 838 similar samples on MalwareBazaar
TLSH 2F83B405BEB4EC32D04476B5DFAAF2AFC751AC311A31890769443B9E1F36A069E7035E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.teilam.gr
Sending IP: 195.130.78.204
From: Jenny Vougiouklaki <v.jenny@viospiral.gr>
Subject: new Greece order
Attachment: viospiral ORDER.img (contains "viospiral ORDER.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.48330.23956.21967.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 04:03:16 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oaymeazpzgr3cxoioiddn4suaodtzjsrkzqrw7gkukji24lioszq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
051101f45d03dac4583297cce0d708af562dedfa085b3d9dcfea40be2083e7ab
GuLoader
1218e6f611d06cbf81e8b72e9c1fab06d8d54c5a7b6ce49e4e26bf86ec1807b2
GuLoader
14ef1e3ac43b65b915bf15b136502e42fbc03555377bddf1bd4cd71928d2f1a4
GuLoader
250051d6d9bd369c1b513ab41b5f9da87b04166af831d170dcab225aa0d86913
GuLoader
3095c533634e0d3773040c4599e05afe14ebac6e81bad0801b6ec72f78df9c3d
GuLoader
473f6c38f3047708289a930f291a474052b160a9090bc6c2844f53b6226805ad
GuLoader
7b743eec66064abd181281fa1c0d614f856ee083d23348a10c9612765342ee67
GuLoader
b65a42512465c82d804bdb56b5e1e633afa4571a20dc68d311ecad4a8fc3654d
GuLoader
d0a44650607ba722a1afaeda2b4cb8c56484a1c9e8bf72e51fe92a2e16d6dbcf
GuLoader
df34eee3a23ae66bb689bc1911e417cdaa7b51c353dc586bdb3280f86df09b55
GuLoader
+ 828 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6z82c4p9v6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img ff3db1bf078a4d4167b9609516dee0fa997af33ab4bf97a4b77e03069c5c43fb

GuLoader

Executable exe 7030c2032fc9a3b15dc8720636f25403873ca65156611b7ccaa2928d716874b3

(this sample)

  
Dropped by
MD5 333b5254ad9f29eea10be4d33b257818
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ff3db1bf078a4d4167b9609516dee0fa997af33ab4bf97a4b77e03069c5c43fb

Comments