MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7dda9d5e3557a57d63b4fe02c26f03f135e4810bfd2fbe9b44f5190384385ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d7dda9d5e3557a57d63b4fe02c26f03f135e4810bfd2fbe9b44f5190384385ae
SHA3-384 hash: ce2eb4bf0f793a5e290646a69b3257309ef3335c6d0d4906cc4cf0616f9492d3b2389388d9d00f16954b23f8526f0064
SHA1 hash: 5204893fdb18479462d9fd59802450e55d5f1035
MD5 hash: 4b08afdc60d0d0157a5cf47f23c3565f
humanhash: victor-may-jig-jig
File name:smokinger.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-05-22 15:05:19 UTC
Last seen:2020-05-22 15:48:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 84d80b0f5a8552b990f8aa32e9e04158 (1 x GuLoader)
ssdeep 768:QKQpjqs571f+IipPlPLwHssydrjJJyLTcgpOxwkG81m9siARXLSOWrXQBF:VQ1qs5pfdClPLwMZJJyLTExwkcH4UC
Threatray 5'702 similar samples on MalwareBazaar
TLSH F993086EB180EE67C9244FF11A36CBA811B7BD3069610A1779CA3F2D693258E9477313
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: victor.r1host.com
Sending IP: 176.9.32.34
From: Minisini Gabriele <gminisini@atomat.com>
Subject: New Order/Ref:643895/ATOMAT CAT120VX000436*sample from Italy
Attachment: SWIFT.001 (contains "smokinger.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1l6VU05eHD17sFQqbelVRsD-qw6504o9V

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 15:36:01 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d
GuLoader
26578480a0124210e78362e63cb2fb0d2998a47e6b1d8f43cbe787caba1ac5b6
GuLoader
29bcd4f06dd92b104f47acf511a47742f03d7eca0321ad099c964954416f821d
GuLoader
3bc915766b79fb4fdf2e636cfc46b1df5787c2fdc11fb540a65cdda079f5bf1f
GuLoader
474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f
GuLoader
4e0e1ee117544cc9cb6784d36db3d349624ef1c888267b1e266a03ddb17d33a1
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
5fbfcfd0538505c1cb82e54b55461e7542a403b676b36a2500734f89b32bf2c8
GuLoader
9da0df6eb709cee7468a850c0b59914ca84eeace25bea74ed6d393e0e5e84737
GuLoader
f8eba2fe120aa64939010e6c31a63a7c12e97952c55bd29fd441f2139d9b7acd
GuLoader
+ 5'692 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4zhxdk3gjn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 59620a80a18c4ddba2f7aa9d2d400a1b9b20f9f3bc4470a42ca23fb9f19bcfb5

GuLoader

Executable exe d7dda9d5e3557a57d63b4fe02c26f03f135e4810bfd2fbe9b44f5190384385ae

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366493/
  
Dropped by
MD5 8a903b2eed6548a2a7b69f43f49c77f6
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 59620a80a18c4ddba2f7aa9d2d400a1b9b20f9f3bc4470a42ca23fb9f19bcfb5

Comments