MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d28f7e29c76ea32e8a690122a4d729408136d83a70ac491231b7458c740c86a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d28f7e29c76ea32e8a690122a4d729408136d83a70ac491231b7458c740c86a5
SHA3-384 hash: 3f8a15c59ca82c2f0fd0660a56a4af2fdb7d4902268c768c7ea88339969bb1ae7fd1fb180af07c66c33fd091c8f4a7a4
SHA1 hash: 10813e2529cc53c75d6f02bbc7403f1ac798ca9a
MD5 hash: f97539ffe6a1c4d4649e64e2f8fce430
humanhash: cup-ten-spring-berlin
File name:Request Quotation.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:47:38 UTC
Last seen:2020-05-21 09:51:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 07ac3dbd49668a1c663b5d17f7f5d5fa (1 x GuLoader)
ssdeep 768:w6wk0kFc3NhVppNE4hqWg4w8nD07pf2VOYDe4MXs4NKsmY01OC3D:3ahVppm3Wg41AgVHDe40jNKsEOCT
Threatray 734 similar samples on MalwareBazaar
TLSH 69A32824F064DC61E81442BD1E924AAC512FEE346892CB8BB8C9F75D16F76C1F939387
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: gmipt.com
Sending IP: 156.96.62.50
From: Purchasing GMI <purchasing@gmipt.com>
Reply-To: mhosek46@gmail.com
Subject: Request Quotation
Attachment: Request Quotation.zip (contains "Request Quotation.exe")

GuLoader payload URL:
http://anakleather.ir/som/ebuxxx_CmgdnGPQUo187.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47939.10984.8203.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 01:04:19 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2khx4kohn2rs5ctjaerkjvzjicatnwb2ocweserrw5cyy5amq2sq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1cd0666b758f28d4d3a402dc10f1b185f5a1fbbe7f74cfceea475e72a5bbecb0
GuLoader
59825608710179356a6809648f78199bce58922841920895d441db2ab64e2da7
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59
GuLoader
b4c38303fd0ec6723132e2bc5017904720211a5e660d4e8a722707c7d4214586
GuLoader
b65a42512465c82d804bdb56b5e1e633afa4571a20dc68d311ecad4a8fc3654d
GuLoader
c21e141ac2bf8379284f20873d9a401fcde6ed367a200fdd7df782e67142ac24
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
f02253cc15ef8590d38f2c623609c3d462c2352da4aab698b3959c8ba4ced4e7
GuLoader
fff7d8c78dd6f34509bde90ea015593f8e2fce0b0022899f96982f0772c6b9b2
GuLoader
+ 724 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-knknb1edqs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip a71c0f86ef3b570a9d3429e4787bf32d79a1539a81d71788f84124cbcd07112c

GuLoader

Executable exe d28f7e29c76ea32e8a690122a4d729408136d83a70ac491231b7458c740c86a5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366070/
  
Dropped by
MD5 1709452aaeebcc34e96b0b71fa9fc321
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a71c0f86ef3b570a9d3429e4787bf32d79a1539a81d71788f84124cbcd07112c

Comments