MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7496341a05c027a5e7adbbbed5d9633369b64f772d60f36d219ac48be774145. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a7496341a05c027a5e7adbbbed5d9633369b64f772d60f36d219ac48be774145
SHA3-384 hash: 8872795882fb1e6ae33269eb9596f31753bb8d7ffb0934bb9137dadc08f574f8a079c36e45489d457bc0cb1d94cfc15c
SHA1 hash: 5ae6fa2b6fde2382de82ab09812ba1bdfe4e90d2
MD5 hash: a8782eec06facde024544b8ed728f2bd
humanhash: fix-fruit-oklahoma-twelve
File name:QUOTATION 2638.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 09:01:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 47a57fdef6d29105e1ba0590391a2d0d (1 x GuLoader)
ssdeep 1536:g0uTh8w8cb3p8M1BP3AGhSuwM/je7diL98eJ/ZplhhtUmP8jYM:g0/8fHPwGfbOiFxlSt
Threatray 5'277 similar samples on MalwareBazaar
TLSH 15C30927BDC48D42DA0509B18C27BBF76C36BD318E152F2B324DB95DA67728129F2316
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.mailbox.co.id
Sending IP: 202.182.57.40
From: Budi <dani@mailbox.co.id>
Subject: RE: FW: QUOTATION SPECIFICATION & SIGNED PO COPY
Attachment: QUOTATION 2638.pdf.rar (contains "QUOTATION 2638.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1ziBRO49X1iOuugPcWT0zafqQgFqZnZnt

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5667/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:37:12 UTC
AV detection:
21 of 30 (70.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
88c0ef97b6edb3f676523e57ee95a23604efc28ef3a9db916c2123c793b44571
GuLoader
97e006c5ca29100601289b632e22049f5d8f955c008073fea9791b13cd10849c
GuLoader
9b2c6f08cd9a4e3b144422de4d540290542ce50239f2c85697a036a461b25264
GuLoader
9b330bb1491b230182ada7cd439a91edbf552bae7494a2ce6ebf55726660b086
GuLoader
aa37bcba59760edc9f4242c1e6bb619c04d98c6d4b039fee3aee88bac894c21b
GuLoader
c7544c2d4180660fc3a96f3b66b5caa0e168dcfbb35a870f1c576a152ed62348
GuLoader
+ 5'267 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-azd56wyrce/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar d9c8929f64acc4bcf0c6fc555df1af0779ab0ac34411ef0aeb552e775601b350

GuLoader

Executable exe a7496341a05c027a5e7adbbbed5d9633369b64f772d60f36d219ac48be774145

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368714/
  
Dropped by
MD5 6c429ef4b69ea338d900d1c88b0cb61e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d9c8929f64acc4bcf0c6fc555df1af0779ab0ac34411ef0aeb552e775601b350
Cape
Cape
https://www.capesandbox.com/analysis/5667/

Comments