MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb5c8472255fad61a597de4e980e2c667c975bd34026c6ac87bbb905588999ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb5c8472255fad61a597de4e980e2c667c975bd34026c6ac87bbb905588999ea
SHA3-384 hash: 1e2ff0a50fc30e63a94b7281e09d99b7907977854dcbe3b2ba15d3b145f2716b4c73c3eafc39e5141b5c278790b19ae7
SHA1 hash: 91108548a7f11ef7ec73cc37b3a99816157c4f79
MD5 hash: ae26b4698e368a653675d2e26b1f2f1a
humanhash: oregon-low-kansas-carpet
File name:PO #010.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-21 08:36:33 UTC
Last seen:2020-05-21 09:51:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8ef235bda50b6b127dacf0e838930f56 (1 x GuLoader)
ssdeep 1536:rOV3NeLEVwboT3DWV5fhkC9J4Q0upA2xqeOh:uULEKoDWr4QZA2w
Threatray 5'837 similar samples on MalwareBazaar
TLSH B1B3A22AF755F862E52448FE1FA1CEA811C7BCB84982E70374E6BB0D24F1C91D529323
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: apexlimo.com
Sending IP: 37.49.230.204
From: "sales department" <bsilver@apexlimo.com>
Subject: New PO/ Invoice #-010-240
Attachment: PO 010.Z (contains "PO #010.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1laX8hHdYnsaH0xAEpi7Lx02iM6jArVPvb$4E

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47689.7416.31332.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 16:24:13 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xnoii4rfl6wwdjmx3zhjqdrmmz6jow6tiatmnlehxo4qkwejthva._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
161ab2a24a2f0a71e1a50d1110b3ca25ec1a53c1412c2235db94a871bc3c9563
GuLoader
16de0aa2d02fae6460bb173c9104df4fa758343ab226aea79a3910dce19fa58e
GuLoader
1b2ffcf595970b69b94816a16890b7f0664f00dfea87fbc0df5abe453baedd41
GuLoader
218a9186e336f916762f64853f94cab4f6edc3c5cb8cca7a3a84cbdec2ee51cb
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
8cd14212205658092f91a376a85fb70802200671ea0cbc74b73f1fcaf0f88ddb
GuLoader
9c0d3c463792d704909de3a04cd7a6d31f8094301e8e24950af31cdc5e9f2838
GuLoader
9fba6ffeb90dd242748718d8272a4942496e76a4f68bdb4dd42f93b044b5ed50
GuLoader
b7a360cf2a3651e663b82407d8aa940f66b4c7f9569fc445771d8bc17f727bef
GuLoader
de55a1b3e711c74c00998d9c4cb0f5da9672b109e2f362ac55f4a9f4033ffbf7
GuLoader
+ 5'827 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-fnyg58ek9j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

z 1cbb48c501cb9c86f76b57220a54686f7e77476e4261bf26928e437b7b101d34

GuLoader

Executable exe bb5c8472255fad61a597de4e980e2c667c975bd34026c6ac87bbb905588999ea

(this sample)

  
Dropped by
MD5 67be5f1a04f458f436c861eb576fc2d7
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1cbb48c501cb9c86f76b57220a54686f7e77476e4261bf26928e437b7b101d34

Comments