MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4b5846ab10b6ac87f6f176bcb8a3f76a720628fd8b1aa9d7c1f603192f67bd0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c4b5846ab10b6ac87f6f176bcb8a3f76a720628fd8b1aa9d7c1f603192f67bd0
SHA3-384 hash: 3d982259a1efcc92093c69899c190e707b35cb36242109ae6f49c68c475e3e2544d2afb0fe2ac5a4418eea97a2b1ff67
SHA1 hash: 27e3ef432eab3b6aa22ef74555efc7e9f1b0ff42
MD5 hash: 438e1a6a0b443e233277a1f575374241
humanhash: may-indigo-don-yellow
File name:Billing_Statement-162315070.xlsx.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-22 09:49:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1837609478fe760f0f96cbd6700d17c0 (1 x GuLoader)
ssdeep 768:EAQaxii1OqmZJl0NFM3sVmweCaAQN9Uncw+fUoxnHaw30NvpJ+aGDZ1jks:vow8ZJlg1ep3HMxo1Hz30N6aKZt
Threatray 5'125 similar samples on MalwareBazaar
TLSH 78A32B3178E0EC51EA5485F2AE674779192BBCB015468A47F3C77F2C29326D2E86334B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mxserver22-out4.masterweb.com
Sending IP: 103.25.223.204
From: Total Credit Management Services Ltd. <inquiry@totalcredit.hk>
Subject: Billing_Statement-162315070; 162315090
Attachment: Billing_Statement-162315070.rar (contains "Billing_Statement-162315070.xlsx.exe")

GuLoader payload URL:
https://qif.ac.ke/komi_yUyfmoyRdV90.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 11:07:05 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
GuLoader
1589c05dfc5d8d25d7e959e05dc7b34ff4c82406cf48b21dd008de8364a745dd
GuLoader
27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
GuLoader
2a093b2213d7d589020d69e76fdfd33b441ed125664cb3247d25e9103744011c
GuLoader
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
ba3486ddcb815a5bfae81495f4f48576968b3d6de9f42e0d4358824d7ee583bd
GuLoader
cd88f1f0051fb232edba57fff3fc2b789e0b286ec9b938d8f31c3ef52c6848df
GuLoader
ce86a2218eff30dae2862d460329e65b67d6828acc82ad220ec584f419c30599
GuLoader
f99691f533ca56e970f2be2d26ea424ac50bff2aa2bfd43482d0a166bece71eb
GuLoader
+ 5'115 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-8cmmy2c37a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 5654a745ac155f705c8a41216bbfeff470514f9cfe2c063024caeeddc3cde913

GuLoader

Executable exe c4b5846ab10b6ac87f6f176bcb8a3f76a720628fd8b1aa9d7c1f603192f67bd0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365819/
  
Dropped by
MD5 7fc1c06da2c2a4a44028e95ac0b4b098
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 5654a745ac155f705c8a41216bbfeff470514f9cfe2c063024caeeddc3cde913

Comments