MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 703340ccade47686ffd64ad3bda9829f0b1d8b704101c5f5dc2b66edcf01dfa6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 703340ccade47686ffd64ad3bda9829f0b1d8b704101c5f5dc2b66edcf01dfa6
SHA3-384 hash: 9e625a68b0a29c0644ef7f2220ed635bffecf07d72cce65d7e2dc86b664dc3c1e987eb6665ddb03500e3127f67b1046b
SHA1 hash: 7b1b8e06b6cbf676ee2166c877a490c8ff02e289
MD5 hash: 6f39fea6c99c411f7a17d086202b3dc9
humanhash: lamp-river-nitrogen-snake
File name:215CE.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:44:47 UTC
Last seen:2020-05-21 09:51:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 76571e198331b90a4f31811ca84d5d3d (1 x GuLoader)
ssdeep 768:SO4j0hpbb8odLoyn8DkiHLKpn3vyY3ZdzIuNFkfLoEdFmCKQ:Ee8oayn8DJ+n/V3ZyOGTmC5
Threatray 5'358 similar samples on MalwareBazaar
TLSH 1EA30A61F951DDB0DA3C87FD5D719768112BEC309C12CA8374C6BB0D2AF698EA860787
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: jingyuan.com
Sending IP: 31.168.40.90
From: Jason Wang <sales@jingyuan.com>
Subject: 採購訂單
Attachment: 215CE.r11 (contains "215CE.exe")

GuLoader payload URL:
http://class.britishonline.co/bin/bin_CxzruZVpeF159.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47956.16608.19256.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 00:44:00 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oazubtfn4r3in76wjlj33kmct4fr3c3qiea4l5o4fnto3tyb36ta._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
GuLoader
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
GuLoader
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
GuLoader
7c4fd841e891e2be6f0757679701669e927c58aedc94de97104666f0e89f6b04
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
83968322ee41293c915a37779c384b39d1a0429303ed831291da984e7ff6877f
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
+ 5'348 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-dqg9z1k93a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 8b947d8aced2397256fdb3c3f10806823d6d8635e1798f7e1a3e5749380ada9a

GuLoader

Executable exe 703340ccade47686ffd64ad3bda9829f0b1d8b704101c5f5dc2b66edcf01dfa6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365788/
  
Dropped by
MD5 8837617cab59ff9beef51dea993c94c7
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 8b947d8aced2397256fdb3c3f10806823d6d8635e1798f7e1a3e5749380ada9a

Comments