MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fff7d8c78dd6f34509bde90ea015593f8e2fce0b0022899f96982f0772c6b9b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fff7d8c78dd6f34509bde90ea015593f8e2fce0b0022899f96982f0772c6b9b2
SHA3-384 hash: c0cb264f6bd60cf999e194b785739bee004b52d36e4074dd81dfafd19e90002d450672c167908260f7d47f3073154134
SHA1 hash: 195e23d3cd54e86de31fd13bf526e70e2f10a549
MD5 hash: c15d543241a2f19ff0d0e2be053778bf
humanhash: wyoming-magnesium-friend-network
File name:Sunss.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-02 11:00:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d9c7ceef2b452afa2f852d727c68e6fb (1 x GuLoader)
ssdeep 1536:wAUFO8lLRZh3JVvMBMrvVmoHmmjwHajM:wtZhDMmhfJM
Threatray 1'287 similar samples on MalwareBazaar
TLSH F7835B077E488A12E07046715DA7D7AD2F25BC0D49425F8F728DAE6BBF313A16C5C22E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: ardeshir.r1host.com
Sending IP: 185.187.51.3
From: Emi Miyakawa <shafy.espi@gmail.com>
Subject: AEM.LTD [RFQ]
Attachment: AEM_RFQ 10062020.ARJ (contains "Sunss.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1bvgj_KZNbFdQ2I4Xw5_K2DbeBind8Z4y

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6048/
Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 00:31:31 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7735rr4n23zukcn55ehkafkzh6hc7tqlaarith4wtaxqo4wgxgza._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
GuLoader
1ca43e5c33edbf126b18cd7603f5674dc45c9aa2d34efa41796a8f0f9a08b947
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
9be235495bd4696901a7e0538b3d96f6996268c67c1b607cdc8e33a794a6a9da
GuLoader
a4f594a78d5df595fe969cd0643707f5ca04aa10a7ef29f5617e3aa1e8db6d5f
GuLoader
b05998bc4d111c80719ab38c75918662f8151fd5e5e223cdc90f0d97caad3b6e
GuLoader
b2ad4bb1d6523d5541609a20280c7858ee9dbf33a206146082de81826efc8927
GuLoader
cf6542bb87d706ab7d6fd3f7fa0a2594d3b0ed8a9d15b481252d0c405ecd36ef
GuLoader
d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb
GuLoader
+ 1'277 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-v13t3x8st6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 3905bff939e940674763c9964e09b4e1aaa415dfdedc3239539b1f0cab6f047c

GuLoader

Executable exe fff7d8c78dd6f34509bde90ea015593f8e2fce0b0022899f96982f0772c6b9b2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/373524/
  
Dropped by
MD5 ddd61e37af973d390cbc91b743f78c32
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 3905bff939e940674763c9964e09b4e1aaa415dfdedc3239539b1f0cab6f047c
Cape
Cape
https://www.capesandbox.com/analysis/6048/

Comments