MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce86a2218eff30dae2862d460329e65b67d6828acc82ad220ec584f419c30599. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ce86a2218eff30dae2862d460329e65b67d6828acc82ad220ec584f419c30599
SHA3-384 hash: 46465f06348d5e7bfc20ceeb5f923bfaf29cb22d4f5f6693eccec0d2bb0b0f0ef2b38ff620056590329f0e8bb9e83e6a
SHA1 hash: c7d29abc24e8221f931fd0b3e2a2cc17c816e69f
MD5 hash: afefddd28e50144b56fd566596cc82ef
humanhash: friend-neptune-leopard-yellow
File name:Billing_Statement-162315090.pdf exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-22 09:49:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 66c3dae82c4fd1cf683ea3026b0441a7 (1 x GuLoader)
ssdeep 768:WzpVYS1RPbmIw/eTAcXlh9/VOfu5NJnrCDrb3YvUqJvNyOhB6IMM8crFxuryULi9:mpVYgJyIw6Ac1rcDrb3ef9og8QF2LI
Threatray 5'100 similar samples on MalwareBazaar
TLSH EFA31836BAA4AC61C6548EF11D699B7815AFEC7569030F0B74CB7B2D1433A82F52138F
Reporter abuse_ch
Tags:GuLoader pdf exe


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mxserver22-out4.masterweb.com
Sending IP: 103.25.223.204
From: Total Credit Management Services Ltd. <inquiry@totalcredit.hk>
Subject: Billing_Statement-162315070; 162315090
Attachment: Billing_Statement-162315070.rar (contains "Billing_Statement-162315090.pdf exe")

GuLoader payload URL:
https://qif.ac.ke/komi_yUyfmoyRdV90.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 11:07:20 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
GuLoader
27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
GuLoader
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
GuLoader
3bd58e3b3fe712e8d7595cfbd576a96251c68a5dac230bd3e778640e8eb817ec
GuLoader
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
GuLoader
688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
a88caf11b01cea311aca13b6e757a8974d5033e1acb8749b9d1951ed0d93d44c
GuLoader
c4b5846ab10b6ac87f6f176bcb8a3f76a720628fd8b1aa9d7c1f603192f67bd0
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
+ 5'090 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-qye8nsbgpe/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 5654a745ac155f705c8a41216bbfeff470514f9cfe2c063024caeeddc3cde913

GuLoader

Executable exe ce86a2218eff30dae2862d460329e65b67d6828acc82ad220ec584f419c30599

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365819/
  
Dropped by
MD5 7fc1c06da2c2a4a44028e95ac0b4b098
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 5654a745ac155f705c8a41216bbfeff470514f9cfe2c063024caeeddc3cde913

Comments