MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f01984aa9f7805e8261655cfad5f92a5e06e48170d6a9fb41e5a2c22bfedec6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	f01984aa9f7805e8261655cfad5f92a5e06e48170d6a9fb41e5a2c22bfedec6d
SHA3-384 hash:	aef8130020a3cc5617247eef6b3153ef34ff75c4d643abc825a12633b71e5b94f1fa1bae1a69d75feeb97185c61e310c
SHA1 hash:	4a277e9456ab365c00de1070a25a1fe1891dec16
MD5 hash:	07364f7f18ad4314de169ca0d3798840
humanhash:	sodium-kansas-nitrogen-network
File name:	INVOICE.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	102'400 bytes
First seen:	2020-05-21 10:28:20 UTC
Last seen:	2020-05-21 12:24:35 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	d74059c840f17c87f6d4490139a3acdb (1 x GuLoader)
ssdeep	768:/uOINifeWpHumCPeikJI3jn2Q7laSvcqNZMgTy+D4+HM9Fl5HOEdDi/f:2OINNWFjCxkMn2Q5aMigOoHWiEY
Threatray	190 similar samples on MalwareBazaar
TLSH	42A32B29B9A0DD62DA904DF35EA94B69117FBC311852CF4B70C77F2C2532E86E926307
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: mout.kundenserver.de
Sending IP: 212.227.126.135
From: ketanmehta@ketanchemicals.com
Subject: SIGNED INVOICE
Attachment: INVOICE.r00 (contains "INVOICE.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1kOY5_Vo11zm_999-ULdk-xGEozO-Fbvx

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Malware.15840.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Grp

Status:

Malicious

First seen:

2020-05-21 10:37:17 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 31 (77.42%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=6amyjku7pac6qjqwkxh22x4suxqg4saxbvvj7na6liwcfp7n5rwq._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-8w1mmhtkha/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

r00 365cce5303a894ebe65ac92c7ca635fd006bd5bea8111dcde21a558845d94a36

GuLoader

exe f01984aa9f7805e8261655cfad5f92a5e06e48170d6a9fb41e5a2c22bfedec6d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/366140/

Dropped by

MD5 a760f58873ab45e73d5bb9ebaf3ada69

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 365cce5303a894ebe65ac92c7ca635fd006bd5bea8111dcde21a558845d94a36

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample