MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 9ebbeaf380d12e97972f57de2e052f1e043370d0be0bcd0deb3ebc5334cc68a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 5
| SHA256 hash: | 9ebbeaf380d12e97972f57de2e052f1e043370d0be0bcd0deb3ebc5334cc68a2 |
|---|---|
| SHA3-384 hash: | eb36c0f424051e8b66d7ab20e32800e40336efae4ea3d0cca305d886ee61753188aa80a28ec56b7db8428928b2d8ab3a |
| SHA1 hash: | 062f0193972984887159001b259993dfdbb9c893 |
| MD5 hash: | 542a48e9c093374b9623d36bb8ff33c4 |
| humanhash: | steak-comet-twelve-arizona |
| File name: | ADHOC RFQ-97571784.exe |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 106'496 bytes |
| First seen: | 2020-05-20 14:38:23 UTC |
| Last seen: | 2020-05-20 15:49:48 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 92509b0bf9f62a86d0c5ec577ebb679c (1 x GuLoader) |
| ssdeep | 768:8QboZv4A4bdbf6MhMLvevTcOwHklncg7JBhrnDTis7Tj7/0rKmN+:yZ4bVvTcOXlnJ1as7715 |
| Threatray | 5'254 similar samples on MalwareBazaar |
| TLSH | 25A3F763F8B8F9B1D62786BD1930C1B8462B7DB04A26C66730D5F65C08F3692F139627 |
| Reporter |  abuse_ch |
| Tags: | exe GuLoader HSBC |
abuse_ch
Malspam distributing GuLoader:HELO: 162-241-214-233.unifiedlayer.com
Sending IP: 162.241.214.233
From: HSBC Advising Service <manager@emexapparelcorp.community>
Subject: Payment Advice - Ref: [HSBC105702520] / Priority payment / Customer Ref:[PI1007057QT20]
Attachment: ADHOC RFQ-97571784.rar (contains "ADHOC RFQ-97571784.exe")
GuLoader payload URL:
http://www.mailserverservices.info/bin_WLVtNygBmy177.bin
Intelligence
File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Detection(s):
Result
Threat name:
GuLoader
Detection:
malicious
Classification:
rans.troj.evad
Score:
88 / 100
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Injector
Status:
Malicious
First seen:
2020-05-20 14:13:43 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 5'244 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
7/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.