MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad8132d2a341bf731c105eed4dea2357f5ab516c085550294593a2e41f34ebc4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ad8132d2a341bf731c105eed4dea2357f5ab516c085550294593a2e41f34ebc4
SHA3-384 hash: f03d264de5f079c26c024ab4b4ffe7e82cf75a2b1e85102c4fc5a4d71a70b95ae637dab8d601b516e008f9f0d355c13f
SHA1 hash: c765c62d2ed14a4a6f5e91fa83b422853b93474d
MD5 hash: c58aba6fc928d13a88547786882bf5cb
humanhash: twelve-juliet-five-mountain
File name:Payment invoice.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:08:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0241b179c9b9234478cd657c561d5752 (1 x GuLoader)
ssdeep 1536:eGSPfxV40J6Xc5a1kgrKHxLdGKc+o0FDHdZ1gIeTqm5Ocb/4hZd:e/PXJKcmKVdhjFD9z+Kh7
Threatray 1'261 similar samples on MalwareBazaar
TLSH DAB38C03EC4D8653D1548BBD3C179E793B1DA90D09016BEFB139AEAFAD312422DA711E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: akgunduztekstil.pw
Sending IP: 142.11.196.10
From: Simon Coverdale <Simon@akgunduztekstil.pw>
Subject: 付款已存入帳戶
Attachment: Payment invoice.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6289/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 02:31:43 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vwatfuvdig7xghaql3wu32rdk722wulmbbkvakkfsoroihzu5pca._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
GuLoader
0e7ec69a6222b2753c0167997838b380acfd47834a6d1e7dd2475fd4fe07d63c
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
9d772f078ebff5dd18830b266cf39eaea44289e765d6290e8589e684a22d0946
GuLoader
a4f594a78d5df595fe969cd0643707f5ca04aa10a7ef29f5617e3aa1e8db6d5f
GuLoader
b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59
GuLoader
bb19d9c9c18233bf65768ed3534766ae87ada589f6223d015c47d5e4c2523d64
GuLoader
d7162b14867eff2ee6b1c0506f91c4e8c1a1cea0ddae632bd49156a179549772
GuLoader
e8f205cb55b6e064b6252572493b15776b339d9118f182d220731077629e8bbf
GuLoader
+ 1'251 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-aqy4jb8bs6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe ad8132d2a341bf731c105eed4dea2357f5ab516c085550294593a2e41f34ebc4

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6289/

Comments