MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa7cc20a00c3eeaeeaf4ddf79ea3dd717320050777ce67afe196afc443c0ac60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa7cc20a00c3eeaeeaf4ddf79ea3dd717320050777ce67afe196afc443c0ac60
SHA3-384 hash: b674e01d2f0b1d296ab5c484c0cc7122742f1cd4a24c803e87db8b4fe306d8e5cf61261fbb8f65c5a064ed129ad4cc81
SHA1 hash: 14e4e32af3a4f3a31ff53fc6c8b72dd48d901083
MD5 hash: ab77a0d6963ae9404784e1acbcaa12b8
humanhash: nitrogen-orange-cardinal-georgia
File name:PO_5612.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:02:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 09ddc41c32f9fb4aef79d6f830461b98 (1 x GuLoader)
ssdeep 1536:jUaSPfxV40/r/Dk1Fl2vkgrKHxLdGKc+o0FDHdZ1gIps//m+wJjKFMr:cPXD/sEKVdhjFD9zucv
Threatray 5'119 similar samples on MalwareBazaar
TLSH DCB37C13FC4D9653D1548BBD3D178D793A0CB91D48002BDFA1396EABAD326922CA721F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: yisun.co
Sending IP: 111.90.159.196
From: MINGQI ZHAN <Sales01@yisun.co>
Subject: RE: PO# 0440086 - KUAN
Attachment: PO_5612.rar (contains "PO_5612.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Fg7GCfa3BpDHSH24RdMtTv9r_9kW1QQy

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6448/
Gathering data
Threat name:
Win32.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 05:46:05 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vj6mecqaypxk52xu3x3z5i65ofzsabiho7hgpl7bs2x4iq6avrqa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
081858e28f031a112eeb27a1bf1755a669f591b9e46b00f4effe3636ec90ae86
GuLoader
17b9dd3669aff525587ad15ad1a5232c766e18791cf4c3fe49cb783f7e75ea2f
GuLoader
465aa7665bc5764af3c93c4413e745250c6ecbda447428a6f7630e2d5875f0f9
GuLoader
48ce0e9cc96cb8d9ebe92bd7c1982e84d48baffdbada44d5949370a58ebae901
GuLoader
4ad79d7dfc755f667699bcc18f5bc0c3a64f09d1a969f7ccff0f255505cfc20c
GuLoader
5d11c69e8f7367536155879e0bbf5000892be66d64152804054043b922374509
GuLoader
9e5404dae4cf7c22028a3d09e99fa532a1f14e0636aa8112d177933a8b066b6c
GuLoader
a4906242ed8ef857d5fe0dd5b8e3f1f90baa1bdf6f1030ba09af4a2b8892e08b
GuLoader
a78ec6d8e8c174ed171a06e504d82e51c581858a66c28529de6f6700611ff024
GuLoader
b8fb24fed506f2b66406af4f29a8a0522564d337d9f374c3936b369e10a69437
GuLoader
+ 5'109 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-aslmv9qege/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 41745f7e7256d48d703b347c353e815fd35add8f53ee274663cbbe2572fb372e

GuLoader

Executable exe aa7cc20a00c3eeaeeaf4ddf79ea3dd717320050777ce67afe196afc443c0ac60

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378980/
  
Dropped by
MD5 55ee15686b16cfe7548e62786bdf305e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 41745f7e7256d48d703b347c353e815fd35add8f53ee274663cbbe2572fb372e
Cape
Cape
https://www.capesandbox.com/analysis/6448/

Comments