MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70399b135fa0365dae66a01b072dd8614be73c7ff2b4cc51caeeef64dfc60ef5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 70399b135fa0365dae66a01b072dd8614be73c7ff2b4cc51caeeef64dfc60ef5
SHA3-384 hash: 7c5885ce2c1bafa88a087e9d2e38f0a1d25361bce2d419aa8151bfce8efa7ea60b51089f26304d3aa8d5c9d4f1bc9975
SHA1 hash: d79fff3903466505338b6bbe0dcb92b658068612
MD5 hash: 3921f76b16e1c3ceecafa89f1b9e2382
humanhash: golf-timing-don-fourteen
File name:IMPORTANT !!! OVERDUE REMITTANCE - MarchApril.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-25 13:30:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e1351dfc35e06dd7be3c54ba5e0b6677 (1 x GuLoader)
ssdeep 1536:ntPnLjvF9Ukz4N/i9W93omVI2vnKMQ51T:nZn19Uk8Nz9jVI2yh
Threatray 6'471 similar samples on MalwareBazaar
TLSH E5B3E652B6CCACBADC170EB18FC5DAF40D63BC612C005B03759BBB1E29761C5AFA1649
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: gmail.com
Sending IP: 37.49.230.162
From: Abel Ruben<Abel.rub571@gmail.com>
Reply-To: wanlin.goh.prolink2u@gmail.com
Subject: IMPORTANT !!! OVERDUE REMITTANCE - March/April
Attachment: IMPORTANT OVERDUE REMITTANCE - MarchApril.zip (contains "IMPORTANT !!! OVERDUE REMITTANCE - MarchApril.exe")

GuLoader payload URL:
http://hosseinsoltani.ir/hilari_jReOOokyX131.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5560/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 05:03:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
00983a8176276beea115d21fef7919c49b29b96d78dbc2151cc04cc7d8c95b35
GuLoader
035c2fa5d912202dd34e8410b14a42b0db007c2be8ed819bbc444f9818497f5b
GuLoader
0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d
GuLoader
2ad7a9c76778a5cbbf458819852689c82153acca51da8fe58eed37c126d5b755
GuLoader
347aa505ad319b4d8ee54aabe34dfc2af12b4747af23c6b635821ba9aedd0e32
GuLoader
4c1fe4c0f5d8d1277036802c83df3e083b31318dfc2c194ce93b7169d7ba6e3d
GuLoader
5e511d66664d13e1276eb5d08ea2e48e004a614d114f2b35c2a742912694dfd7
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
8078d97844b57f9ee1521ac19ed0382b13c249a5fc9440d72e032589d1bf1280
GuLoader
ae438370eda70ba48a763c526e61b068e16d11cbd00e9cb504d6f1eeb7442d22
GuLoader
+ 6'461 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ywgkly489j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 16d911d7284bead1111026e28705ff520ac433f9f8108973592eff542e53b05c

GuLoader

Executable exe 70399b135fa0365dae66a01b072dd8614be73c7ff2b4cc51caeeef64dfc60ef5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367852/
  
Dropped by
MD5 712e989f634b8cf6a58184216656cc50
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 16d911d7284bead1111026e28705ff520ac433f9f8108973592eff542e53b05c
Cape
Cape
https://www.capesandbox.com/analysis/5560/

Comments