MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c808fef514fbb79de397a7c84bd1a2763b3b476c821d7c6f7d05b64501c900f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c808fef514fbb79de397a7c84bd1a2763b3b476c821d7c6f7d05b64501c900f
SHA3-384 hash: 3cdfe1d9a86620507d9d1edecc9c482bc8e75ce75c74647528d5774f1ce20bdb5356e219701191fc199edb7060de1d33
SHA1 hash: b60fff4a2e3e95757c6499964ed762dd49b43a19
MD5 hash: ad6230c59d15fd0030facf29d2bd5cee
humanhash: equal-uncle-vegan-snake
File name:ups.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-26 07:21:35 UTC
Last seen:2020-05-26 08:15:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 361286440da81148679158d8eab367cd (1 x GuLoader)
ssdeep 1536:3b9J/gmpwR7PcaZeqSXs3bZ3+J5b2B6Dx:3rrmR7PhF05
Threatray 902 similar samples on MalwareBazaar
TLSH 71B30A1EBCC2ACE5E80089B34C91C6900DBFFC725C544F8F709ABB5E59B67462DB8265
Reporter abuse_ch
Tags:exe GuLoader UPS


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: giant-monkey
Sending IP: 112.213.32.15
From: UPS <support@ups.com>
Subject: Dear Customer
Attachment: ups.img (contains "ups.exe")

GuLoader payload URL:
https://www.sendspace.com/pro/dl/8auinq

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5603/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMCW.5866.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 07:36:18 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0ae738edd2fc130800042a864210df0111d64cd29953198c644035e9d2679acf
GuLoader
11da12022c4b4fdd9947dce6ccf0cde30cc34a1816f4a4791ce0f298133749ef
GuLoader
277ad2e30607538075324d56c194f6256f2a37245f952038d709f237545bf0f1
GuLoader
4675be33b1b3f4b1a348a86088a709b907841e6a6daaa37793c0ed994d40f5ae
GuLoader
74cfeab3123defd40a4efa419fcc77b17178c27b3b70b97972939f7a8d899957
GuLoader
8630725356bc4afad2815f39d01238d6e10477e04d19b5fcedcafc93c7519683
GuLoader
8fc12c74c5af599fd99d302b2429d8c8a5d3a5d243d7941758fda223ee3cb7eb
GuLoader
98be845142b95ecbd3c9138d67e531253d822494a9359b14ddc83fde3add7996
GuLoader
d022613003b09d53a5004b7180d6d5bcfad0a1b1efefd3d7e6f69ca63204f483
GuLoader
edc7cf96821b2ba673f3a1df6c3cb50057cb0637259d2905279aae1630794cf9
GuLoader
+ 892 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6p3sdevrde/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 590191caee9082c3789cdcd5c4daba2fcf73805b9f8631a3b6f7bd0488da4c9f

GuLoader

Executable exe 7c808fef514fbb79de397a7c84bd1a2763b3b476c821d7c6f7d05b64501c900f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368667/
  
Dropped by
MD5 b7ce5160936947cee0a782782c1c211e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 590191caee9082c3789cdcd5c4daba2fcf73805b9f8631a3b6f7bd0488da4c9f
Cape
Cape
https://www.capesandbox.com/analysis/5603/

Comments