MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 722c38612f58a2762ae67f38d4342c7aaa59c89c3546cbe0d69f4700b55420fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 722c38612f58a2762ae67f38d4342c7aaa59c89c3546cbe0d69f4700b55420fa
SHA3-384 hash: 459e3fc8673903c6c3666ceac9575116969a3401fa5fe094eb41ced85bf5e7a7c8cfe5540b212438786e4a7049333044
SHA1 hash: 8ebbd54698f000c52d52124b8eab38112403599f
MD5 hash: ebd91cbccb35f5c377bd9cbfd115db86
humanhash: one-eleven-zulu-double
File name:Invoicelo.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:249'856 bytes
First seen:2020-05-12 11:55:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fb0fab29a7deae4ef12f61bef0546ea2 (1 x GuLoader)
ssdeep 1536:YkUEG+IC+K/TklnHmcaQSeJRaCAd1uhNRx:YkaXQRSB
Threatray 5'075 similar samples on MalwareBazaar
TLSH C4346056BE149136D8A44E711B61EBAD2319BC28C8074E8771C53ECFFBF5AD18E21236
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: tmx.kiev.ua
Sending IP: 91.206.30.205
From: Sharon Hsia<info@marmarayem.com.tr>
Reply-To: <stoh@hansollvina.com>
Subject: AW:AW:Profoma
Attachment: Invioice.03000303003.img (contains "Invoicelo.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Ursu.843150.20068.9526.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 12:42:02 UTC
File Type:
PE (Exe)
Extracted files:
45
AV detection:
29 of 48 (60.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oiwdqyjplcrhmkxgp44ninbmpkvftse4gvdmxygwt5dqbnkued5a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2302aa79bb34eb683a91324995a9fb366bbbe55dffb53deee00b842e75ad19c0
GuLoader
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
GuLoader
420c2572fe66b34a3e994b43ec3d35a60559c2b011c02c038854a99034a9ca2f
GuLoader
a6009a6b0724811f3bb71fc6f0c6b3b1aad71448948175949c7eb8af82034e91
GuLoader
a9da529f0ad9088cec7e9441a7081084f417655533998caa004597a1bc6ef262
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
ceee0c8772c6b5a2cff7d9f3bc824c088f3c7d034b9898c74f79e11b59210257
GuLoader
df745e4434b953ab404e59ef73608a9f3148fa7d629a28b7401c295efdf618b6
GuLoader
f8cd5468cae1b7ef288867c7be839e906c6671310d07c8811d044e435b2759e0
GuLoader
fda70d68d95854fd28bf29b6128d0d97b437d20798a532e6bb5c5e26d0785594
GuLoader
+ 5'065 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4ssyjv21he/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 4d378955a3343db19bf4014cce0247e7e2084d04c9385b865c5e95002a3257e1

GuLoader

Executable exe 722c38612f58a2762ae67f38d4342c7aaa59c89c3546cbe0d69f4700b55420fa

(this sample)

  
Dropped by
MD5 0353ce9ae952595437601b535ee28e89
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 4d378955a3343db19bf4014cce0247e7e2084d04c9385b865c5e95002a3257e1

Comments