MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc0f8133b1faa0245779e8294421033ae567c11be58f5bb86eb65ad3d67bb8ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dc0f8133b1faa0245779e8294421033ae567c11be58f5bb86eb65ad3d67bb8ae
SHA3-384 hash: f6de76fcec447ac8901364a5b47fd8f5bfc1db1d1d102ce959e6ae74b79be57578d46569e2e56a9cfd5fe5fd1cec3505
SHA1 hash: 79c24b5449a199e94cc826e71221b1d44f2bee17
MD5 hash: 931beb68ec517bbaf84e9b099189b757
humanhash: pennsylvania-princess-speaker-vegan
File name:SWIFT_Advice_M103__PDF.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:53:41 UTC
Last seen:2020-05-22 06:58:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8745fdc44faf8545e62eda474b4786e3 (1 x GuLoader)
ssdeep 768:IA/pXS3B3j0+BJCY+8iEPYQKenIrtVEu2emOs52HTNHFBaaIOwYgcGWmZ:J43ZtBJCYlPYQK7tVIwEr
Threatray 5'083 similar samples on MalwareBazaar
TLSH B4A31A12F554ECB1E92C8AFE1F78865C122FFC701801CA4379C6B71E4AF798DA86531A
Reporter abuse_ch
Tags:bat GuLoader HSBC


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: ns1.ekenamillwork.pw
Sending IP: 198.211.10.8
From: HSBC Taiwan <onlineservices.hsbc.2410053.0@jfkcontractors.pw>
Subject: HSBC SWIFT Advice Against Order# Ref:[CB0081232] // Customer Ref //:[C0025219]
Attachment: SWIFT_Advice_M103__PDF.rar (contains "SWIFT_Advice_M103__PDF.bat")

GuLoader payload URL:
http://lostrescochinitos.mx/a1/bin_myKyjKcG251.bin

Intelligence

File Origin
# of uploads :
3
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.24473.26346.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 03:14:53 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3qhycm5r7kqciv3z5auuiiidhlswpqi34whvxodowznnhvt3xcxa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
00983a8176276beea115d21fef7919c49b29b96d78dbc2151cc04cc7d8c95b35
GuLoader
0c6ef50f134bbd723eddc99d8f9fc78b37e7e2590ec907ce4209075677add6d9
GuLoader
2a093b2213d7d589020d69e76fdfd33b441ed125664cb3247d25e9103744011c
GuLoader
2ad145ebeae4ff20eeb893b16658fe43d7557f30c746edc355a5dceb393bf8bb
GuLoader
8697eb117ba4ca2b18a9a7bbdcbd201cc062e2e79ccbc9d8ea785baf5b868657
GuLoader
ae5d3796c3f5cb07398607db131f984843b529115cfa13a6a9590991f29f5db0
GuLoader
aeccef59002b851b685cf54307f906c06adb065b68c3eff112f4b0f1442d1349
GuLoader
d7083f1007834bbc16f0b6d2ee0e1e2b9e79a04af2a2e21f2d2682c9dff939eb
GuLoader
e3bdb2a06e43b09073cebd4f7a7fe633d45d1c6d149885f7b815cc591fe3b453
GuLoader
f626ac44e4d6711e2b2a128fbde9bebf2a8b7c66d7161376993d3252c16dd083
GuLoader
+ 5'073 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-sgeg8ht86x/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 68c560bd2d106ffb844cca8dbf97ff98be6a68a7f0b0cc6d2a595171048271d6

GuLoader

Executable exe dc0f8133b1faa0245779e8294421033ae567c11be58f5bb86eb65ad3d67bb8ae

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365799/
  
Dropped by
MD5 cc4c37a90fe047f72f6cbd15c2c627c0
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 68c560bd2d106ffb844cca8dbf97ff98be6a68a7f0b0cc6d2a595171048271d6

Comments