MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a3acd412036e1f071595f9ee144d45ee7dcc0a6f4fb8c6ed45022ec423e6061. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7a3acd412036e1f071595f9ee144d45ee7dcc0a6f4fb8c6ed45022ec423e6061
SHA3-384 hash: 5cdfeaed5a8bb103c1f5d8d2f6eaf226f222051267f8d344a98339fe11c2bcad3cc2e4f5568c79fdf366ca858ec9af5e
SHA1 hash: 5d682fd001e54ab1bcfaf7266564a3c0cdbbbce7
MD5 hash: 174f32e90c9316ecf500e2a8a4965062
humanhash: snake-single-pizza-earth
File name:SQ0894795.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-02 11:21:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e5b3b4e5a5a8ca119b91dc7b36cb061e (2 x GuLoader)
ssdeep 1536:CkFO8lLHu1SiFyZdbBoDYlaLzwKQwjjDsDkWdO5:VuodmYlszwPfq
Threatray 2'465 similar samples on MalwareBazaar
TLSH D39306037ED49905F1B24A706EBB86996F26BC1949428A4F310D1D4B7B317A2AC6D33F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: ns2.agrobogautama.co.id
Sending IP: 122.102.40.26
From: Land Mark Tower <james.john@landmarkgroup.com>
Subject: RE: PAYMENT REMITTANCE
Attachment: DOC12.gz (contains "SQ0894795.exe")

GuLoader payload URL:
https://taleoudine.com/bryt2_xkAWOqihL67.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6107/
Detection(s):
Win.Dropper.Nanocore-7995237-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 02:21:01 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pi5m2qjag3q7a4kzl6pocrgul3t5zqfg6t5yy3wukaroyqr6mbqq._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
122256cada458b72697ddcda3d76cb49671318a2e38e898f7f38aeb6f1a19cab
GuLoader
13393c26e42a0d09bbd796f3f9b5109dc0d2e7ff7bd7f4aac0aa0c879c5c123c
GuLoader
2215802f5deb432f07a1aeebb7eeeffdf18cc5a035b0315ea693b08a4dbf942d
GuLoader
5f8025bc323e672da091a43d6d7ddf8cc6d9e880ddefde5955d0cbafd0092c83
GuLoader
69e3e7a0726435f1d48dc9d56db3a3759fb038b9c8b7506ce48e5efc5460d839
GuLoader
803e96c5dc273ebc317b62354c790742fbb9807ee577e52790f293ed8298dde9
GuLoader
85efd0b4c3bb6232c4e075e99c46574b564785b0bdfa1b8bd91805922d91cef3
GuLoader
893ef71a58da9c450161aa56fddb97cd0e9c377f94a55e1d71a42569ee085de3
GuLoader
b5f6c2a230e8c24dd4859e076e8802d5785c6af1056388a3bb660d091c1437ac
GuLoader
fa4d6e0887210c5f967d3349942cd846130e5c3c227e56cb0782ec4bc0d9bea5
GuLoader
+ 2'455 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-nqezkq42yx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip ed3ed82dd7ed597b90b5546ef3501f2f9b6b5731dde63ee84f3b9eeab8aea34e

GuLoader

Executable exe 7a3acd412036e1f071595f9ee144d45ee7dcc0a6f4fb8c6ed45022ec423e6061

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374172/
  
Dropped by
MD5 663d39d174d4e1e034939da4017b6ee8
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ed3ed82dd7ed597b90b5546ef3501f2f9b6b5731dde63ee84f3b9eeab8aea34e
Cape
Cape
https://www.capesandbox.com/analysis/6107/

Comments