MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8657ccc1d28108a1b54a3daa4d72f80447da75c74c51726d5f4e9cbc14efff77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8657ccc1d28108a1b54a3daa4d72f80447da75c74c51726d5f4e9cbc14efff77
SHA3-384 hash: 8b881dd1a20782a138cee2ebfe06f0e090d68c8963a04c060fd52a3437955157ef38b5ed9bcfd8958849fe4c8fcda3ab
SHA1 hash: d664a9e13fc45b7012c65f90069547f3c87ca152
MD5 hash: 43b587b95d32d955a66a25d514f36c9c
humanhash: chicken-papa-crazy-fanta
File name:File.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-22 15:05:03 UTC
Last seen:2020-05-22 15:48:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 133c756347bb79c983187a0895ed0091 (1 x GuLoader)
ssdeep 768:9PZkfR5ReuK+MffgJ/W+oVo6qkSmvdjpem/ZzEl9rBn:7kfH+aJ6qkSmv5pemyjN
Threatray 162 similar samples on MalwareBazaar
TLSH 2D933C11B8A0DC96CA144EF18F294ED4116FFC2559100B6B35C936ECBA3ED51AB723BE
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: shbc10.ultina.jp
Sending IP: 218.40.207.10
From: Apiraporn <purchase.gr@euronav.com>
Reply-To: purchase.gr@euronav.com
Subject: Purchase order
Attachment: PO8734.gz (contains "File.exe")

GuLoader payload URL:
http://creativewg.com/feed_aWRklBznxc237.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Ursu.878098.31991.26489.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 15:35:55 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0b5a7876121672a2ad042ba26d57e186b6f1c9b07daa32c2fe4864c56c2e9c4f
GuLoader
5ecdc843c22bf650e78bd9b4a533adabc49d0bfb8b183e9f1023862f1600ea8e
GuLoader
74be8ec7f1c7a53246ebfbf34940e271ce2f12fe3d1beb10c5b6d2f03606739b
GuLoader
7b0eeeb2adc3fe44102752fbe9a4ed08b3e3bf07fe633f9c3f4ab67eafb6e0aa
GuLoader
92819abc5959ef5dcdec4ad5ffc638e8492d0deec4569fc9cef2501adec5474a
GuLoader
9b281a8220a6098fefe1abd6de4fc126fddfa4f08ed1b90d15c9e0514d77e166
GuLoader
9b6c23ee51101f9e2542bb697e7b218e0a57d51ac6b577998cba351581aa7491
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
bbca1f551bf11cb542a4614e875498980bb0ad143ba51dfa345af5b6d6300571
GuLoader
c523252072f5911950614d6a91d16036b0128c10458f05a4ab0b7a3221780c1a
GuLoader
+ 152 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-j6hegr96z6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 9d7662727893cad2d146dbc012e3594ead09decd8eb4a590425fad5ddd133987

GuLoader

Executable exe 8657ccc1d28108a1b54a3daa4d72f80447da75c74c51726d5f4e9cbc14efff77

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366784/
  
Dropped by
MD5 85f9cc04fbd84f24b62ea133cf3422c4
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 9d7662727893cad2d146dbc012e3594ead09decd8eb4a590425fad5ddd133987

Comments