MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a57304043cdf4e54783b99ba437e2dedc5bded49da0878e17c459ba37e41bb55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a57304043cdf4e54783b99ba437e2dedc5bded49da0878e17c459ba37e41bb55
SHA3-384 hash: 933226285e95922eb197be54f6a41efd5c61a391f2f572e799ce44a4b6c3930c4be27814657afdc599702965eb9101aa
SHA1 hash: d448f4d37d956b6cff94b138052ae82e9b88b1ca
MD5 hash: 349102943dad118d0581c3f5e253e9d9
humanhash: dakota-nitrogen-nebraska-spaghetti
File name:DOC22052020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-05-22 10:03:02 UTC
Last seen:2020-05-22 10:52:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9e3640e71786502ec4d9e27f3161fb10 (2 x GuLoader)
ssdeep 768:T8/n28tp5VJruvkuaYQ8NLK1RAXc5jHMZcNR7vF6TM05uVCcpyVrolZHhyws1:Q5pfJavkT8/4jsZm65co2ZHhyF
Threatray 5'104 similar samples on MalwareBazaar
TLSH D3933B2A7A54F9E6C9204FF11D32CAD40667BD3119520B077FCA7F6D2C32A4E9929393
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: poc.creationfinancial.co.uk
Sending IP: 178.62.94.186
From: pablo <info@100gbit-ethernet.net>
Reply-To: kodak3399@protonmail.com
Subject: RE: 02-REQUEST FOR - STOCK
Attachment: DOC22052020.img (contains "DOC22052020.exe")

GuLoader payload URL:
https://noirrealtysolution.com//are/bin_bwocAPbwD126.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 10:37:07 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 48 (47.92%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
11124347d4a19a4f709bb4ebb2f9c12873f4f079ef3d5e60e18fa9a975302c70
GuLoader
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
1d3bd2bc079a411c7f6ae85c322147246640834d77cba3388f00a0ff1a86c6d1
GuLoader
5c7b25c7496dfd38b4b8b2e0b77feaa6990cc65d2c376e49ede55188ffa0ea15
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
GuLoader
895e7e85e398a6bd3615a8453c1ed21979a2676fa84af0e53077635f812b64fc
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
d159f3626adf62282b20470b72d2d93408da1cc30bdc4df23030fe77e2c992f8
GuLoader
fd268c1e214dd5e0ae8dd56403ef5001769f9fc0ac5e7491c9460a52dfd2cc89
GuLoader
+ 5'094 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mtsmtzmq3n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 8a0315e216c3c8113675240c37c8bcb200747cea1361e2a164d03e86362be9db

GuLoader

Executable exe a57304043cdf4e54783b99ba437e2dedc5bded49da0878e17c459ba37e41bb55

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366528/
  
Dropped by
MD5 79717c60805b63e2ce8252b0b6e26bf7
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 8a0315e216c3c8113675240c37c8bcb200747cea1361e2a164d03e86362be9db

Comments