MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 879e7676629e99b237cfb7781fbeea4442ed20c4c72f1e0a64aa596365c53d40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 879e7676629e99b237cfb7781fbeea4442ed20c4c72f1e0a64aa596365c53d40
SHA3-384 hash: 975d64a7dc1dd02a221441c87945df8acd90cf5a620ac57807ef031cd374e84bcbbf1b319732c3a1b02c3fd018110021
SHA1 hash: d84fbf579ccbfa06f1a875196813273c97b626bf
MD5 hash: 01960417a3df5f3d683863b53825460b
humanhash: solar-east-quiet-cold
File name:TT SLIP_WA0085176.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:180'224 bytes
First seen:2020-05-27 18:24:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 16fefa9270336cee324b8f4862c72aee (1 x GuLoader)
ssdeep 3072:3vtf2Da9dLKgxalgoL9Rtnak8I7v57yo0O7:fx2DarTanRtnak30
Threatray 220 similar samples on MalwareBazaar
TLSH 9D044A57B4D4DC62CD348EB56A7A89E61C376D21FC50AF0F3306F3AE19B76864AA0305
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: alliedcpa.ug
Sending IP: 37.49.230.76
From: accountspay@alliedcpa.ug
Subject: bank transfer confirmation REF: 34128905
Attachment: TT SLIP_WA0085176.z (contains "TT SLIP_WA0085176.exe")

GuLoader payload URL:
http://37.49.230.180/MYFTPSTUB_ICGTElzNL218.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5764/
Detection(s):
Sanesecurity.Rogue.0hr.20200527-1304.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 14:15:17 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
13e764a18e1a85dc72ef910f952c660d580da976412e36efedca52e65b5790f4
GuLoader
20a6a3dde2b79a85641bcfa4d8e03a48dde38aa55137f18fb567de24d3a0beec
GuLoader
6083d7084795ed9d60be324c610dbfab644a3e25c982755a93071e23db11198a
GuLoader
75692c6d88025cd8de4afa58076bd2dfe2b3adbf536c13513bf1f9b99811e143
GuLoader
793f375be5ed01b66b47d24ca49594af11ddcd125f3fb41ca77cae45632eba52
GuLoader
7a48dec0d80b9fe91920f32ae466525c89452544b3fbf499bf10401ab4119be7
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7
GuLoader
daac1aafd4f0f7b1e1e0112e913285543d73179216bc42cdf67036dae67955f0
GuLoader
fd25b09006d514098cff84fe7c68b57ddbf3f5b6229e419689e2bfb28164b6e7
GuLoader
+ 210 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-5e9q69nbaj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 19a0cd081567fd9a07f047c20ff39f803d1d7e269f427251e52d05345e433316

GuLoader

Executable exe 879e7676629e99b237cfb7781fbeea4442ed20c4c72f1e0a64aa596365c53d40

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369972/
  
Dropped by
MD5 5b511c6170c167285ac23839c2b8ea17
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 19a0cd081567fd9a07f047c20ff39f803d1d7e269f427251e52d05345e433316
Cape
Cape
https://www.capesandbox.com/analysis/5764/

Comments