MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa37bcba59760edc9f4242c1e6bb619c04d98c6d4b039fee3aee88bac894c21b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa37bcba59760edc9f4242c1e6bb619c04d98c6d4b039fee3aee88bac894c21b
SHA3-384 hash: eef775ecfde043fd2c6c72a0999e4cbf85f61aed62b88223814eb45022bc5fe7ae9f082832c76f48e760cb64f8766257
SHA1 hash: c100a3bc79383b678b0e89c32b7d281df457d7c2
MD5 hash: a2311eb2a29ee07d821723419cbab35b
humanhash: iowa-zebra-angel-india
File name:SOA052020.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 13:38:42 UTC
Last seen:2020-05-26 15:24:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f0ab93b976905cb72fb1953eb0c3d9b6 (1 x GuLoader)
ssdeep 1536:zTr4rtZj2GukE/JIauaLznQPmmeCdZkX0IJ:/EXiGHSTwZHU
Threatray 5'323 similar samples on MalwareBazaar
TLSH 1DB3F65A35CDACBAED348FF148718AA25D32AD3568108F433C49F71E297698E2C7135E
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.mailbox.co.id
Sending IP: 202.182.57.40
From: Fadhlan Dani <dani@mailbox.co.id>
Subject: **TOP URGENT** Outstanding SOA/Payment Advice
Attachment: SOA052020.pdf.ace (contains "SOA052020.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=11M7M9sK_A6jz-zYNOEbg3_vlLiJ8T9GL

Intelligence

File Origin
# of uploads :
2
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4956/
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AE.17102.6331.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 14:36:07 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0098bf2ef8230d9bb30b451868272ffb271fe63a8c248bfc9ce569991c19f279
GuLoader
27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
GuLoader
50644eb4c3d4ce7aa1074c0096b43b2c4e7aaff4ce9e9a650c62ae934f85c081
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
83968322ee41293c915a37779c384b39d1a0429303ed831291da984e7ff6877f
GuLoader
9b330bb1491b230182ada7cd439a91edbf552bae7494a2ce6ebf55726660b086
GuLoader
a7496341a05c027a5e7adbbbed5d9633369b64f772d60f36d219ac48be774145
GuLoader
a88caf11b01cea311aca13b6e757a8974d5033e1acb8749b9d1951ed0d93d44c
GuLoader
b1ab330d8407adbc0731fd66b869bca53515ccf732d1ad498515e5e04f993de4
GuLoader
e69790e910b1817bcfb714f20fda02b6e024babd3dfcea8fa982192928a5df93
GuLoader
+ 5'313 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-b3p915vjfe/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace 18021429925bca12eb1c9131b2e41097428c1ed26bab680eaa9d51e7de98a136

GuLoader

Executable exe aa37bcba59760edc9f4242c1e6bb619c04d98c6d4b039fee3aee88bac894c21b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369176/
  
Dropped by
MD5 3a8647e08805ba38d36571ac3d936a40
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 18021429925bca12eb1c9131b2e41097428c1ed26bab680eaa9d51e7de98a136
Cape
Cape
https://www.capesandbox.com/analysis/4956/

Comments