MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98b8466b7e210fb7867622725cf84b471daa8f037f11530cb831005896842c61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 98b8466b7e210fb7867622725cf84b471daa8f037f11530cb831005896842c61
SHA3-384 hash: 502a446cd1a56bc1ef2a7959ed9729ed41d54b8e5aa2c34945db9cbe47daa62c03790c98e4284e2b8c168645c8b87136
SHA1 hash: 217419261c27532d6a63f8eda544374e86649f55
MD5 hash: 0d3909095a7321ed0bd29440a3734391
humanhash: vegan-arizona-artist-missouri
File name:PO225678_3356723-2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:49:26 UTC
Last seen:2020-05-21 09:51:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d2ed7108b3a3790fd4b760daf0b7cce7 (4 x GuLoader)
ssdeep 768:bI3t59oYAIkLTWO2B2hmm4vE+pRAhl8RfelL1A6uupEb2G2QsvbvbJ4dVmVo:0oCkLTWYh1+pRAzmelxA8pE4p4DmC
Threatray 183 similar samples on MalwareBazaar
TLSH D0A3F761F898DDB0DA244BFE6E718A6C123BBC345961CF0375C53B9C26F2985E4A074B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: luxasia.com
Sending IP: 156.96.59.92
From: Mr.Lee wang<careers@luxasia.com>
Reply-To: legitworld04@gmail.com
Subject: PO:225678_3356723 TREAT AS TOP IMPORTANCE
Attachment: PO225678_3356723-2020.zip (contains "PO225678_3356723-2020.exe")

GuLoader payload URL:
http://anakleather.ir/som/gozman_YlWSFLtM108.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.21228.5649.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 09:36:35 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tc4em236eeh3pbtwejzfz6cli4o2vdydp4ivgdfygeafrfuefrqq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
GuLoader
1d7f1bd2e98ab61ef9f350289c83791d4da1463576ea3591b8cf3b9228f506ab
GuLoader
3304692b98947be42789e37a03aa03804b66df6235cc20d8611d7aa42c27c7aa
GuLoader
3371cb1ea5c1990f19e0141454e418ba8e30d70c140d5f4cd3e797aa80a9bb9c
GuLoader
563ee97396c60bb7d587d98e95d68109cfe9b0a924860bee678e1e4da196bb64
GuLoader
74be8ec7f1c7a53246ebfbf34940e271ce2f12fe3d1beb10c5b6d2f03606739b
GuLoader
98af60250a9e0cedaa66f04fe39c412bd0007855255547df68f5da46686c9ced
GuLoader
a937b882d7884c7b1c92377d8a708cb5e65377c1bc6d6aa923e7183c89da91dc
GuLoader
d18ad8db3ccb45bd0b3bdfa9aa444ebf49a2555d266d54dd44b2aa49451c7a0a
GuLoader
e6c57e2f4dfc204c1e9768a3c722cda303af4795c7272a0b94b308cfe8c9c97b
GuLoader
+ 173 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-7nh1pcdfrn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 88ad92669dfc68f9ef1b4845163d0d70ff2d6c74cf657b74a3caeee99db251b5

GuLoader

Executable exe 98b8466b7e210fb7867622725cf84b471daa8f037f11530cb831005896842c61

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365793/
  
Dropped by
MD5 a63f1bf04a1b7c0990ea4ba28d760b52
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 88ad92669dfc68f9ef1b4845163d0d70ff2d6c74cf657b74a3caeee99db251b5

Comments