MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7cfc6a8e508a244063a4190921f1c91e30712838282fb20b8bcdb24b138bb9e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a7cfc6a8e508a244063a4190921f1c91e30712838282fb20b8bcdb24b138bb9e
SHA3-384 hash: 417fe229b42991a4b19c93f88ded7b7f84381e138395fd5775b242c5ca19a2c3c0099c1bd2bb66f53e5233fc33f4b858
SHA1 hash: abcf3ff0da08066868e336252832616426043d47
MD5 hash: 104dd1ca7a54d30be1b255fc1be945ce
humanhash: august-victor-pennsylvania-grey
File name:Payment Details.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-02 11:10:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash adf0319d63190355a884886840545fb8 (1 x GuLoader)
ssdeep 768:sIbhc7416N8lBR2zzHYSedyIufhaBLxOCaIAt/FHin/M8M0KxakOZCLx:/bFO8lLeIAYBLxdAt/FQM8lK3xx
Threatray 5'127 similar samples on MalwareBazaar
TLSH 68734A0B6E48CA12E56046B05CA787AE2F16FC0C4A861F4B354E7E57BB327716C7E21D
Reporter abuse_ch
Tags:GuLoader scr


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: vps.aquawetsenterprises.com
Sending IP: 45.95.169.142
From: Accounts <info@aquawetsenterprises.com>
Subject: Re: Payment Details
Attachment: Payment Details.rar (contains "Payment Details.scr")

GuLoader payload URL:
http://84.38.133.164/bin_aLxfrX174.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6059/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 22:22:29 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=u7h4nkhfbcreibr2igijehy4shrqoeudqkbpwifyxtnsjmjyxopa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
1e7f88a0e73d63b2f6bbbb4c009b1eec11999ce62da1d3122473cabd502134c2
GuLoader
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
GuLoader
5e1e5f69c17b7f7d578fe65b19f72e43b04752db32fb0c2c6ecc89b97ce0f01f
GuLoader
83968322ee41293c915a37779c384b39d1a0429303ed831291da984e7ff6877f
GuLoader
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
a4f594a78d5df595fe969cd0643707f5ca04aa10a7ef29f5617e3aa1e8db6d5f
GuLoader
b1d9adc8ee80f24960fb84adbb029695e49763faecbf559f92410d44bf28b0d3
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
+ 5'117 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4rby2w2mj6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar f90abc63b0dcf97d70cc28982e8bc3eb6665087a0251dfe9b2f6ef21fc467735

GuLoader

Executable exe a7cfc6a8e508a244063a4190921f1c91e30712838282fb20b8bcdb24b138bb9e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374437/
  
Dropped by
MD5 3f602a9c16b3829514b7ee4dc8e8e0ec
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f90abc63b0dcf97d70cc28982e8bc3eb6665087a0251dfe9b2f6ef21fc467735
Cape
Cape
https://www.capesandbox.com/analysis/6059/

Comments