MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72da06afa192a25cd6794024139a257d5b19eed726763a9014fc8bb28f2f47db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 72da06afa192a25cd6794024139a257d5b19eed726763a9014fc8bb28f2f47db
SHA3-384 hash: 65d636bdee71a3404b3486325d1f92a7916b8902d67236b6c6a0d8d8e5238f3fe944d1cdb74a644831a4971ec2a6e5d0
SHA1 hash: a4e71cafb523fe451c24482251ad97906307fc40
MD5 hash: 3dc8949311b4fe9bd65f2e97e7c166ba
humanhash: social-bravo-maine-victor
File name:factura.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 13:17:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7d5757ab3608666a95d972f1638f6596 (1 x GuLoader)
ssdeep 1536:LsYYZHKT3+JRLrarn8qtanxFzENeB/b4698N+vr/VIqt67LZGYmhWLNIGe8Ye/5f:YYYZVJRHCn8mCxFgN+58N+vr/VaG8z
Threatray 217 similar samples on MalwareBazaar
TLSH 77144A32B62BDC63E64045B8D8F2C8F55464FC16C9128A17B6D17F2E7979083AD26337
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: horus.visualtec.host
Sending IP: 213.149.231.2
From: Paola piscinas <administracion@ars-iuris-abogados.es>
Subject: FACTURA 87
Attachment: factura.rar (contains "factura.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1JGEN1x_ZUhssG_Jw0_WjJLCVpGgLj7Ay

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5864/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMDX.29602.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 13:38:02 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
13 of 48 (27.08%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0b1dbd3162f501371ca4d99f39e0ad1631ab1d9698bf19bdd45163319fc0310b
GuLoader
0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219
GuLoader
25e1551ce3ed0f99ef77a16166273dacfbe6d0a37c9998a2f6c68639d21fc35e
GuLoader
286447febcdd772fe14fb74b1768dc381ae5a1e4f8c7260de3db5991ce88f807
GuLoader
42895dc552049d3cfd80ced83d8e2fbfc30adc3799e3748aa5f9e7df32373a58
GuLoader
4408001ae2b6c11aa2c25f77fea7d8c2118d7eac3f8409246be40b7549b408d0
GuLoader
6c47beb6dad9fa342b607b9868de8560ede70fc5cf2819c0269c5d6fd6c961bf
GuLoader
9f7bac168d783095c28bfe48f9ff40079fde45084dbe9aac78eefa54c4cf15ff
GuLoader
b0240d2ab275a142c3ba13632ebb00fd6cba189613ca85e4d800eb640ef0cd9f
GuLoader
dbe3adc3ffef68644b53d19190b59e28e31b6caedb7ba852ef2158e662921a37
GuLoader
+ 207 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-13hexrzy8x/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 1f2dde6869e7419c3aceadbf6ff5b8f33d7f56ce092d96e9ddb7226f837c0cf6

GuLoader

Executable exe 72da06afa192a25cd6794024139a257d5b19eed726763a9014fc8bb28f2f47db

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370977/
  
Dropped by
MD5 a8ff9f0518fd2453b055608824ca0d81
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1f2dde6869e7419c3aceadbf6ff5b8f33d7f56ce092d96e9ddb7226f837c0cf6
Cape
Cape
https://www.capesandbox.com/analysis/5864/

Comments