MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb62c35fede3c3b21e2d23591e557962491698c6b834ff03f0a42cf714cc2f24. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb62c35fede3c3b21e2d23591e557962491698c6b834ff03f0a42cf714cc2f24
SHA3-384 hash: df8a2555f8bcf4ef9515269fca88388b0f5fee780cfd430223364da5e46d7ab4cb9bec26afaf93b02fe5b3f8eaf1ec4e
SHA1 hash: 36234d19ad529c77122c0cd740b92803f5d02306
MD5 hash: f8c560a0ed5091b4a242b9cdd42d6fe6
humanhash: florida-bluebird-kilo-helium
File name:RFQ Request Order JUNE 2020 TT98949878820899999948943889834.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-08 14:48:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a64947da4a8dde1daee9f63de3b171db (1 x GuLoader)
ssdeep 1536:L31ysFY6TjMve+ZLLDRZ0goKKD6cpoog1zRmg:bQxuQmIZnuDoog1zRmg
Threatray 1'285 similar samples on MalwareBazaar
TLSH 7373AE1BBC04D552F05886B16D938A4E3712AE295A036D9B3A4B1FFFEC34AC25DE121D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: biz0.planete-import.net
Sending IP: 185.255.130.188
From: Ali ÇETİN <contacts@planete-import.net>
Subject: 新项目订单紧急 birusezyllever Request New Order JUNE-YYNBHHGBAOI/ TT#
Attachment: 2 RFQ Request Order JUNE 2020 TT98949878820899999948943889834.rar (contains "RFQ Request Order JUNE 2020 TT98949878820899999948943889834.exe")

GuLoader payload URL:
http://naturepack.cc/files/bin_ArPodh112.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7079/
Detection(s):
Win.Downloader.NetWire-8010885-0
Create hunting rule

Gathering data
Threat name:
Win32.Spyware.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 14:50:12 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=znrmgx7n4pb3ehrnenmr4vlzmjerngggxa2p6a7quqwpofgmf4sa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15c365dfb62dc041e46ede5ae90f2e0966d1000b5936f0ed5d68f5d10e813171
GuLoader
9d772f078ebff5dd18830b266cf39eaea44289e765d6290e8589e684a22d0946
GuLoader
ab8e874a1010d724e8008b46a262fdddcd8847c5bd5e43a62abe6e48ae324f71
GuLoader
c123d96d15083236ebd509b2a5381b350e533d3c869f9aeed7df54651a04c238
GuLoader
c3b88b1d9c86a4f7cb1ae7c8b91d44d67c9c9e66ea51504c3204eb575a668fea
GuLoader
d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb
GuLoader
d68f000de2f2dd32bdebb6b810d3d441c5d05de1d11eba965dc2d4ade0768e50
GuLoader
dbfdd9906827edada6d6bb63194a7b952f6e5f7592f59f2a9b7ff0dbe9dd01c0
GuLoader
f02253cc15ef8590d38f2c623609c3d462c2352da4aab698b3959c8ba4ced4e7
GuLoader
fdfc7684865596ff802669590f077277385119144e11e6a1827910c39b0d5731
GuLoader
+ 1'275 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-3tzjrg1nk2/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar ab5de4be72cc99fb490279bacdb83a9ff51f297eb4fe7bb13481d45269dfe0ef

GuLoader

Executable exe cb62c35fede3c3b21e2d23591e557962491698c6b834ff03f0a42cf714cc2f24

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/364770/
  
Dropped by
MD5 2ad921495fb3a590cb5f5c0b1a78791f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ab5de4be72cc99fb490279bacdb83a9ff51f297eb4fe7bb13481d45269dfe0ef
Cape
Cape
https://www.capesandbox.com/analysis/7079/

Comments