MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 803e96c5dc273ebc317b62354c790742fbb9807ee577e52790f293ed8298dde9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 803e96c5dc273ebc317b62354c790742fbb9807ee577e52790f293ed8298dde9
SHA3-384 hash: ff6c15c7f600f8c53154e2b36d102585ff58da1a1007a3d81e130a894ca42948ae29a1db0422a6f755d4b01cba677a0e
SHA1 hash: 55938e981210e66e75c008213e5e8b92caee9159
MD5 hash: d40270b77c07c1ee01dd66bd468b5c52
humanhash: mountain-july-vermont-delta
File name:RFQ CTC Group Global 934363Img.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-04 15:54:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4026f729103b812aae1671acd7a78eea (6 x GuLoader)
ssdeep 1536:ONsMrgz7zyCsIvGMD1wUjYEpMYjqjqj2awnLNOZluu0dUFU5SNFMb8alq2FZU9MJ:Ofrg/GSD1wUjYEpr00NwnLNJdUq5S8br
Threatray 2'380 similar samples on MalwareBazaar
TLSH 71938D92D2F6BA71DF3ADFB21AB05510403B9C2238CF4E0B16F65D782722985B5A3753
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: Titus S Kemp <procurement officer@ctc-group.com>
Subject: RE: Urgent Request Quotation CTC Group Global For HTR 864
Attachment: RFQ CTC Group Global 93437326563.IMG (contains "RFQ CTC Group Global 934363Img.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=1B5AC29232549D63&resid=1B5AC29232549D63%21106&authkey=ADDxT4gP2p2WZpM

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6567/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 16:36:40 UTC
AV detection:
11 of 31 (35.48%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qa7jnro4e47lyml3mi2uy6ihil53tad64v36kj4q6kj63auy3xuq._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
122256cada458b72697ddcda3d76cb49671318a2e38e898f7f38aeb6f1a19cab
GuLoader
13393c26e42a0d09bbd796f3f9b5109dc0d2e7ff7bd7f4aac0aa0c879c5c123c
GuLoader
2215802f5deb432f07a1aeebb7eeeffdf18cc5a035b0315ea693b08a4dbf942d
GuLoader
5f8025bc323e672da091a43d6d7ddf8cc6d9e880ddefde5955d0cbafd0092c83
GuLoader
69e3e7a0726435f1d48dc9d56db3a3759fb038b9c8b7506ce48e5efc5460d839
GuLoader
7a3acd412036e1f071595f9ee144d45ee7dcc0a6f4fb8c6ed45022ec423e6061
GuLoader
85efd0b4c3bb6232c4e075e99c46574b564785b0bdfa1b8bd91805922d91cef3
GuLoader
893ef71a58da9c450161aa56fddb97cd0e9c377f94a55e1d71a42569ee085de3
GuLoader
ecab33f5998dc995c200750f575b8571ae2a9d00b8264ed557be2d651230064e
GuLoader
fa4d6e0887210c5f967d3349942cd846130e5c3c227e56cb0782ec4bc0d9bea5
GuLoader
+ 2'370 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-b46fvj1hta/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 22b8f8e766f0bb235720c139a586cbe889437fc29c038685cec27d1d295b28fc

GuLoader

Executable exe 803e96c5dc273ebc317b62354c790742fbb9807ee577e52790f293ed8298dde9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/379328/
  
Dropped by
MD5 07a7f1829c721ce9e5c442908afcfbd8
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 22b8f8e766f0bb235720c139a586cbe889437fc29c038685cec27d1d295b28fc
Cape
Cape
https://www.capesandbox.com/analysis/6567/

Comments