MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3691f40ec472e4bc10cd7855fce1e52a6e177513c1cff51054463cff7106601. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f3691f40ec472e4bc10cd7855fce1e52a6e177513c1cff51054463cff7106601
SHA3-384 hash: a77b690b71fbebb307e030f402e2219ade3fe09daf7dd985f5f9c4c91e24606e239f5d81f4eb0d48d868ac73d0e86f5a
SHA1 hash: 757b5c3863a707d34fff9f070b365b5e40e56cf6
MD5 hash: 6346c557f7e9c0a6d6da3dccc89e79f5
humanhash: asparagus-fanta-violet-july
File name:Ashraf Sadaqa.crdownload
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-22 09:48:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0c20c1df9bd3ba1ab35fbb78633b6681 (1 x GuLoader)
ssdeep 768:pMcpqCGi1/uuXEYl1SAjDNjp6tnwAA7JUAQln9:GFCp/cYlsUp6t6uAK9
Threatray 5'088 similar samples on MalwareBazaar
TLSH 2E933B027844EEE2DA255FF05FD5CB94516FBF3919148B2F308D3B6C7A32E81A7112A9
Reporter abuse_ch
Tags:crdownload GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: gmail.com
Sending IP: 37.49.230.26
From: asmahabsyi30@gmail.com
Subject: Fwd: Re:Re: QUOTATION Ashraf Sadaqa
Attachment: Ashraf Sadaqa_PDF.ace (contains "Ashraf Sadaqa.crdownload")

GuLoader payload URL:
https://hosseinsoltani.ir/bin_UQAoUX24.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 23:47:48 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
4e0e1ee117544cc9cb6784d36db3d349624ef1c888267b1e266a03ddb17d33a1
GuLoader
52b4e3238f2b9b1ad37e8a8af0961fb563ac10025aa54341e2481bff248b74d9
GuLoader
5c7b25c7496dfd38b4b8b2e0b77feaa6990cc65d2c376e49ede55188ffa0ea15
GuLoader
a6009a6b0724811f3bb71fc6f0c6b3b1aad71448948175949c7eb8af82034e91
GuLoader
b801afb5529bee671ee0219b95450122f641260b372695c89d7bdc5c2c227b65
GuLoader
bb0f482d8569c848f3017f721e44274d190b622e94fa1cf9a1b4a1f84899b0bb
GuLoader
c906a842516c0b1b052768b573c44fc42d24e0abc4d89ca8e4afc2559adaea1d
GuLoader
cbe345880baebbc56c019721184c56577bccf0b66091b09f90163646f0bc7af7
GuLoader
e6bdca558fb485e6ac7295d20f868902f2b790bc147fb3ab1e3a6628280d40f3
GuLoader
f199ddc51e67123423b6d58ce8cb90b7ac939fec447fedf647650f09497d1c46
GuLoader
+ 5'078 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-xltncndmqn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 48bdb92c1fb26ffd31ef8da72a1e9d2a04fbf0505112a5575f089f35091cd0b1

GuLoader

Executable exe f3691f40ec472e4bc10cd7855fce1e52a6e177513c1cff51054463cff7106601

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366498/
  
Dropped by
MD5 55821fb5a193a8ed9e28d7274023c08e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 48bdb92c1fb26ffd31ef8da72a1e9d2a04fbf0505112a5575f089f35091cd0b1

Comments