MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c4a0f5a5739f570edea6dcbb7d5701cc6467ccdf00554a88669aab0f743180e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c4a0f5a5739f570edea6dcbb7d5701cc6467ccdf00554a88669aab0f743180e
SHA3-384 hash: 12caf8659f228c2c579a55a70e367cdda64c3e5d944a32831cf671a5bc922f47363a53080e6cb7702e74130a786772c9
SHA1 hash: 43df14e026bc6c7983cea38aef1f05449d3a6430
MD5 hash: 4f29400ff2b9ecdecd44105f161e9f10
humanhash: leopard-pip-east-grey
File name:PL 32100.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:39:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b4cdffeb5748dd422d90111fa7c49609 (1 x GuLoader)
ssdeep 1536:/SPfxV40vNtzdvQcIqB4kgrKHxLdGKc+o0FDHdZ1gIFLArzZMVC6lcz:qPXvNtzdYIByKVdhjFD9zAkcz
Threatray 966 similar samples on MalwareBazaar
TLSH 7CB37C07ED4D8A43D0548BBD2D579E7A3A0DBD1E0D405BEFB0395E9BAD312422CA721E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: vxadh-25.srv.cat
Sending IP: 46.16.59.230
From: 采购 Reps <fax@chozascarrascal.es>
Reply-To: pablo_papillon@protonmail.com
Subject: lista de empaque/BL
Attachment: PL 32100.rar (contains "PL 32100.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=19_5kwiV2Wb0oUOh12YotcI-5utPJBGbJ

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6342/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:46:38 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rrfa6wsxhh2xb3pknxf3pvlqdtdem7gn6acvjkegngvlb52ddaha._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15187de4f29194c60f3f199549c345592e967ee8ecf9a39b0a40c1796fdb222c
GuLoader
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
3ab6a46e13911f31494184adc9f030cfd6f81ea2f243b4fd3b4ea3c9d5c5a3e0
GuLoader
599b9d630be54cdf892e8a434cd89410dd81b010512de5240552a16f4edec4c7
GuLoader
845f37af5c185070659d6a1567091c612a7f4363bbf0e93192f099967d6d8cc2
GuLoader
aef1b48a6c4077dd71346018f0fbbf86239a35f34babf980e4469da9ddbf42ac
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b1870a333468762962079f0f81ecd22f7e40e53c504dd031e999761f267bc347
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca
GuLoader
+ 956 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-7ggr18f4se/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 12c1268e5aff2ab64ec1782b47fb2f5d7742b89f10ecb4ec7a0feb9d3f36693e

GuLoader

Executable exe 8c4a0f5a5739f570edea6dcbb7d5701cc6467ccdf00554a88669aab0f743180e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/375711/
  
Dropped by
MD5 e410557357a9a66be3d2ac36a77b7870
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 12c1268e5aff2ab64ec1782b47fb2f5d7742b89f10ecb4ec7a0feb9d3f36693e
Cape
Cape
https://www.capesandbox.com/analysis/6342/

Comments