MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1fc7c7bbff5e20c961978c33ad1502afb86703bf950afb2c8658a0ea43798c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c1fc7c7bbff5e20c961978c33ad1502afb86703bf950afb2c8658a0ea43798c8
SHA3-384 hash: 4567f26f26738c549c2f2a018564be647e28722d4f59a1020577d9936df990b332d9f23804ce12676313964420d7f59b
SHA1 hash: d24340147d3f21976ac0579f393945149813dc83
MD5 hash: cd10cc348e76fd337dddfc765c837259
humanhash: north-orange-mango-vegan
File name:DOC_761892_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-22 10:21:04 UTC
Last seen:2020-05-22 10:52:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a53117862ae63bc105f05b726f2ca67f (1 x GuLoader)
ssdeep 768:rJu2Ae92zjwYq656VrfzIjpYLlh6y/Xvnf3Cu0MEcUsJhZxpBTz+WOme2zLDbTri:VnAe0HQm6VrfIpulKr9
Threatray 203 similar samples on MalwareBazaar
TLSH FD933B21B7A8DDF2CF151EF14EF8C9D8146BFC709A544A0F78853B2D3E329909A22716
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: host12.axxesslocal.co.za
Sending IP: 154.0.160.107
From: lbakkes@rabdos.co.za
Subject: Gentle Reminder
Attachment: DOC_761892_pdf.arj (contains "DOC_761892_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1k89Uk6Z_HBTDGT505YN0bMpPWsQHTtx1

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Ursu.878098.22545.29434.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 10:37:13 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
GuLoader
1d7f1bd2e98ab61ef9f350289c83791d4da1463576ea3591b8cf3b9228f506ab
GuLoader
39e6a374774392541d763a447932461156263e643508c7958416023115d3ff61
GuLoader
6528c7c514e9309db9ae4cc57daadef585d47fd338e0084d1f297cab2b95b633
GuLoader
98af60250a9e0cedaa66f04fe39c412bd0007855255547df68f5da46686c9ced
GuLoader
9b77dffb83a26f126a334f4dd9de9c8a21802a1b05de3067584ebfa25826f9fa
GuLoader
bfba96f9fe309c54e375e1e1e868aa2a729cbc6989c9494dc4d74628004c3dce
GuLoader
ceaa099f2a2de97a363ef5f7cd4e42fc5f362113a470db75d69848e24a52b14c
GuLoader
e6c57e2f4dfc204c1e9768a3c722cda303af4795c7272a0b94b308cfe8c9c97b
GuLoader
f916b2daa9c47caa84bdab905de961a60ebb0f4fbcb3b3311eb429b7dcbaed8a
GuLoader
+ 193 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-lkr8qbnhdx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip a52fb6ff2af2b7c888568f9108c56d079f43f20562145a1ca88ad092fbc16b47

GuLoader

Executable exe c1fc7c7bbff5e20c961978c33ad1502afb86703bf950afb2c8658a0ea43798c8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366521/
  
Dropped by
MD5 466f6f0200ea73b2eb0b6550cad15d57
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a52fb6ff2af2b7c888568f9108c56d079f43f20562145a1ca88ad092fbc16b47

Comments