MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9da0df6eb709cee7468a850c0b59914ca84eeace25bea74ed6d393e0e5e84737. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9da0df6eb709cee7468a850c0b59914ca84eeace25bea74ed6d393e0e5e84737
SHA3-384 hash: 645d1164874a3075222461ad42a70b42996cbae39e3f5316b647b8c36fa45bb2140098b4452a1a0beb3468ecd0e75293
SHA1 hash: b44105e906d0b8f464ec0f64721fbc62bd8adcf3
MD5 hash: 2cdcb28d03df54eaa0125192e7413fbd
humanhash: bulldog-skylark-pizza-asparagus
File name:Quote_Equip_049584579303img.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-04 15:55:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4026f729103b812aae1671acd7a78eea (6 x GuLoader)
ssdeep 1536:8ZMrgz7zyCsIvGMD11uqR7tgYIE9XWSbHhi8fFm/CLelE5XEUAb+:Jrg/GSD11Vt9wSbHk8tm/CLGEVE7b+
Threatray 5'825 similar samples on MalwareBazaar
TLSH BD937D9296FA7A71DD37DBF106B40918907BA82038CA4E0B1DF61D7C2B36AC9F460757
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: Burak Nurlu <burak.nurl@douofil.com>
Subject: RE: ISTANBUL PROJECT-OFFER REQUEST
Attachment: Quote_Equip_049584579303img.iso (contains "Quote_Equip_049584579303img.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=26F87316A7E32BB5&resid=26F87316A7E32BB5%21106&authkey=AEPQO5hlkXN1T1k

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6574/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 16:36:48 UTC
AV detection:
11 of 31 (35.48%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=twqn63vxbhhoorukqugawwmrjsue52woew7kotww2oj6bzpii43q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
03d585ea89f4e62bc18d42d1fadad0b02faca6d68c831e79fb542e9efd183f7a
GuLoader
26d95099636e212fccb35c4865a6aaee393079698b6c3a6f0a07ef2960a845b0
GuLoader
4e0e1ee117544cc9cb6784d36db3d349624ef1c888267b1e266a03ddb17d33a1
GuLoader
7095eec286427d0c168ef01a9d20e741032194cd9e4fb607c02a55c0a1df29c5
GuLoader
77168234eb706333e4835666a00a8fd8e110959660c97e5c5528ed3a3d0f5081
GuLoader
9b2c6f08cd9a4e3b144422de4d540290542ce50239f2c85697a036a461b25264
GuLoader
b5ee70ba14a2bcb9936bd64d99ce7b51785ba328b16a0be49d47c10cba17980c
GuLoader
c2fad0ca69171eabf05cff3020af18e45b34558b660e5197bdb4c0c072c9cdde
GuLoader
dea5303370177b621cdd1fd497396ddaa9e94d3edd1407339f52f0dc85a67046
GuLoader
e6bdca558fb485e6ac7295d20f868902f2b790bc147fb3ab1e3a6628280d40f3
GuLoader
+ 5'815 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-j94gwjt26e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso 374190a5cee283698d71e1792a048e2619ae2c8e2cd7a6bfa64f96e99c133a36

GuLoader

Executable exe 9da0df6eb709cee7468a850c0b59914ca84eeace25bea74ed6d393e0e5e84737

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/379335/
  
Dropped by
MD5 7c98c274117e0b70fc3777a7f9b9effd
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 374190a5cee283698d71e1792a048e2619ae2c8e2cd7a6bfa64f96e99c133a36
Cape
Cape
https://www.capesandbox.com/analysis/6574/

Comments