MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8dd156ec1ebb073ea1d8f503df00c1d59a1751488284df32915cd5ba064f1312. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8dd156ec1ebb073ea1d8f503df00c1d59a1751488284df32915cd5ba064f1312
SHA3-384 hash: e33dd4aa1e363d343df8217b6ab27b8677ddb31c743add42761cb074e7cb74836db15edac9483ec06dd5adea0b3959c9
SHA1 hash: 1ea433647c25c8c304f081a5025d2dfb44642b30
MD5 hash: 46763870e5f54e34c242636be2997d9a
humanhash: lion-fillet-magazine-vegan
File name:MOQ.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:14:05 UTC
Last seen:2020-05-28 08:22:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a91d39a26ea771ea85f72c865bb28bae (1 x GuLoader)
ssdeep 1536:FI7cJhHI4bppjy2OUW8tVPO40Nc+L9N7AYLwsuA9ofolnAKepOvi9L6STfnDtQL5:G7s5Lhr0RQAFTiHg
Threatray 197 similar samples on MalwareBazaar
TLSH 5D144D3AB655DCB5DA5044B0DED0C9F81463BC10D50B8A6B76C03F2E76BA093A976733
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: 162-241-171-151.unifiedlayer.com
Sending IP: 162.241.171.151
From: Aziz Reffas <aziz.reffasdz@gmail.com>
Subject: PRICE FOB/MOQ
Attachment: MOQ.zip (contains "MOQ.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1XzxX2CtCrT_-H-lLCNjATUkxX0h7QbJ4

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5803/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMDX.16436.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 23:03:29 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
093067924e8912798634d4db6faa33ada93f223939027af8c8a65af4263bed24
GuLoader
1edf8c6bcf0ae2b38e9e28bcb1fd838c2ea35b5b126e4bc9e42daa2e1e722298
GuLoader
263de484cf55f9d3d6d7cad6bf3e4a0b34c1e553daf1edec77a239a3d5f04e2e
GuLoader
313f99f5a4fd2ee3bd7b4f1c080a581267d9c5aff9ca4edbb1403d05b00c5c02
GuLoader
720cf0a7e3b7d3c3797b222ae40f89dadedf951fd7e7f311ca703dd1be55bb71
GuLoader
80c4000e65ff310fe0cefdfcb11f0b70fe1ffabc34aba3e05a51d5d03fa4930f
GuLoader
85b393f8bfd5d3e61522dac9e3c57c3d2f75b846146e9507e709c00813e349b8
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
cc5e11dc13759723df847785ddf888d5e5d3733687e4812e420df783217049de
GuLoader
e54b26c70fca067b3e4b78bfc4bce96cd9e5d5173e7fecae50f8e1a10ddb85e4
GuLoader
+ 187 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-z9e6yqgsfa/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 2ce416724651d385c00bb65cb8b1851b4218242fc1cd447cbf2fdfea712382f1

GuLoader

Executable exe 8dd156ec1ebb073ea1d8f503df00c1d59a1751488284df32915cd5ba064f1312

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370274/
  
Dropped by
MD5 8e15e11ad20a40fd2b765e27b5607b81
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 2ce416724651d385c00bb65cb8b1851b4218242fc1cd447cbf2fdfea712382f1
Cape
Cape
https://www.capesandbox.com/analysis/5803/

Comments