MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00750e91c7dff635ea7b16ed23c6209012457a26c135b24737ed5144bd6420c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 7

SHA256 hash: 00750e91c7dff635ea7b16ed23c6209012457a26c135b24737ed5144bd6420c8
SHA3-384 hash: adda0afd40c4ab60cd6fbbb4454a0566e8dd2e8665ae378e8e63b619109daa9245fa4b43577891f9681bf8de8440e64f
SHA1 hash: d606dba323fa6a94eae9ebd44ac757644d471705
MD5 hash: f8cb62d2bc60074168d1252726660b12
humanhash: delaware-enemy-artist-zebra
File name: SHIPPING DOC INVOICE NO. USF23-24072.rar
Signature: GuLoader
File size: 392'925 bytes
First seen: 2025-10-20 12:39:49 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:mJXun0fjZrUENwwXrFAswM6j4mxUyPyXtd/BZHeuzNCVofVcfPhGcW+OBMkEawDZ:mJXDflrEwXZsKIyXtd/BZ6VofguLMkFY
TLSH: T1BB8423359D989FC61159ACBE7D86F151C2FF93AE84C23413A04B45C0FC2099B6DA94FB
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: cocaman
Tags: GuLoader INVOICE rar Shipping


cocaman
Malicious email (T1566.001)
From: "ops@paramee.com" (likely spoofed)
Received: "from [196.251.84.109] (unknown [196.251.84.109]) "
Date: "17 Oct 2025 04:46:51 +0200"
Subject: "SHIPPING DOC || INVOICE NO. USF/23-24/072 IGR23110"
Attachment: "SHIPPING DOC INVOICE NO. USF23-24072.rar"
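The comment above records the four things a mail gateway could have scored on before the archive ever reached a user: a connecting relay with no reverse DNS ("unknown [196.251.84.109]"), a HELO that is a bare IP literal, a shipping/invoice lure in the subject, and a RAR attachment whose name mirrors that subject. The following Python script is an added example, not MalwareBazaar's or the reporter's code; it rebuilds a message from those header fields (the body, the recipient, the receiving MX name `mx.example.invalid` and the attachment bytes are constructed), plus a benign control message, and runs the four checks offline. Nothing here does SPF or DNS lookups; those would be the next step on a live gateway.

```python
"""Offline triage of a suspicious e-mail using the indicators in the comment:
relay without reverse DNS, bare-IP HELO, lure subject, risky archive attachment
whose name mirrors the subject. Sample messages are constructed for the example."""
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# "from <helo> (<rdns> [<ip>])" as most MTAs write the Received header;
# "unknown" in the rdns slot means the receiving MTA found no PTR record.
RECEIVED_RE = re.compile(
    r"from\s+\[?(?P<helo>[^\]\s]+)\]?\s+\((?P<rdns>[^\s\[]+)\s+\[(?P<ip>[0-9.]+)\]\)"
)
LURE_WORDS = ("INVOICE", "SHIPPING", "PAYMENT", "REMITTANCE")
RISKY_EXT = {".rar", ".zip", ".7z", ".iso", ".img", ".bat", ".exe", ".js", ".vbs", ".lnk"}
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def build_malspam_sample() -> bytes:
    """Constructed message: header fields copied from the comment, everything else invented."""
    msg = EmailMessage()
    msg["Received"] = ("from [196.251.84.109] (unknown [196.251.84.109]) "
                       "by mx.example.invalid with ESMTP; 17 Oct 2025 02:46:51 +0000")
    msg["From"] = "ops@paramee.com"
    msg["To"] = "accounts@example.invalid"
    msg["Subject"] = "SHIPPING DOC || INVOICE NO. USF/23-24/072 IGR23110"
    msg["Date"] = "17 Oct 2025 04:46:51 +0200"
    msg.set_content("Please find attached the shipping documents and invoice.")
    msg.add_attachment(RAR5_MAGIC + b"\x00" * 24, maintype="application", subtype="x-rar",
                       filename="SHIPPING DOC INVOICE NO. USF23-24072.rar")
    return msg.as_bytes()


def build_benign_sample() -> bytes:
    """Constructed control message: relay with a matching PTR, no attachment."""
    msg = EmailMessage()
    msg["Received"] = ("from mail.partner.example (mail.partner.example [192.0.2.10]) "
                       "by mx.example.invalid with ESMTPS; 17 Oct 2025 02:50:00 +0000")
    msg["From"] = "ops@partner.example"
    msg["To"] = "accounts@example.invalid"
    msg["Subject"] = "Meeting notes"
    msg.set_content("Notes from today's call are in the wiki.")
    return msg.as_bytes()


def triage_message(raw: bytes) -> dict:
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    # 1. Transport: inspect every Received hop for missing rDNS and bare-IP HELO.
    for rcvd in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(rcvd))
        if not m:
            continue
        if m.group("rdns").lower() == "unknown":
            findings.append(f"relay {m.group('ip')} has no reverse DNS")
        if m.group("helo") == m.group("ip"):
            findings.append("HELO is a bare IP literal rather than a hostname")

    # 2. Lure: commercial-document keywords in the subject.
    subject = str(msg.get("Subject", ""))
    lure = [w for w in LURE_WORDS if w in subject.upper()]
    if lure:
        findings.append("lure keywords in subject: " + ", ".join(lure))

    # 3. Attachments: risky extension, name mirroring the subject, archive magic.
    names = []
    squash = lambda s: re.sub(r"[^A-Z0-9]", "", s.upper())
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        names.append(name)
        stem, _, ext = name.rpartition(".")
        ext = ("." + ext.lower()) if stem else ""
        if ext in RISKY_EXT:
            findings.append(f"attachment {name!r} uses risky extension {ext}")
        if lure and stem and squash(stem)[:12] in squash(subject):
            findings.append("attachment name mirrors the lure subject")
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(b"Rar!"):
            findings.append(f"attachment {name!r} is a RAR archive by magic bytes")

    risky_attachment = any("risky extension" in f for f in findings)
    verdict = "quarantine" if (lure and risky_attachment) else ("review" if findings else "clean")
    return {"sender": str(msg.get("From", "")), "attachments": names,
            "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    for label, raw in (("malspam", build_malspam_sample()), ("benign", build_benign_sample())):
        r = triage_message(raw)
        print(label, r["verdict"], *r["findings"], sep="\n  ")
```

The verdict is deliberately conservative: a lure subject alone or an archive alone only earns "review", because either occurs in legitimate mail; the combination, together with the transport findings, is what justifies quarantining before delivery.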

Intelligence

File Origin
# of uploads: 1
# of downloads: 125
Origin country: CH
File Archive Information

This file archive contains 13 file(s), sorted by their relevance:

File name: subconformability.com
File size: 20'089 bytes
SHA256 hash: 7b5ba60864fdb2e9cd9290b93e6d53de8478117585521cd9edceb6170780c9e4
MD5 hash: 2c97931eb50aeb3bfadee9405140a080
MIME type: application/octet-stream
Signature: GuLoader

File name: konges.Pol
File size: 29'200 bytes
SHA256 hash: c9483362fdb17a4d5abfc213a496304a8b0285e66355a533b609f388cee155f6
MD5 hash: 7caa22a70f45c74565db6320ea8fe5df
MIME type: application/octet-stream
Signature: GuLoader

File name: spionkameraets.abo
File size: 22'144 bytes
SHA256 hash: c551b028aac65839a83b93edc0d824e1b22c0aab104c56bd81e8bb5b8fe2c36a
MD5 hash: 8fa08621a6e7ed4dbb44ada9e697d991
MIME type: application/octet-stream
Signature: GuLoader

File name: SHIPPING DOC INVOICE NO. USF23-24072.bat
File size: 507'815 bytes
SHA256 hash: 4b29564a5235875f5ec10225192b96ef4974287f1fcb5c69bacd516ff15cb315
MD5 hash: bb4be0ece9939ff2f96652184a4356b5
MIME type: application/x-dosexec
Signature: GuLoader

File name: frygiske.ele
File size: 25'505 bytes
SHA256 hash: 8d9e5bd663a748ee0890f833f71791785ed0f5aa29fad59ef858513cb9802706
MD5 hash: 5ffd4851f6da134b2fc03a5ca903af8a
MIME type: application/octet-stream
Signature: GuLoader

File name: System.dll
File size: 11'776 bytes
SHA256 hash: bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
MD5 hash: 17ed1c86bd67e78ade4712be48a7d2bd
MIME type: application/x-dosexec
Signature: GuLoader

File name: Brutishness.Sal
File size: 359'667 bytes
SHA256 hash: d1a2149414d582668a5a085787da06393119e4519d4cbbf45b33936471ceab47
MD5 hash: 7851c24d578f589a1074d3f28d6ef230
MIME type: application/octet-stream
Signature: GuLoader

File name: welshlike.sti
File size: 15'760 bytes
SHA256 hash: d6da534a13a201fead80203e5fab04997e5fce99444bd14a410c5c1404c371d9
MD5 hash: 565be405747e9d6f33c1bc8b096a8730
MIME type: application/octet-stream
Signature: GuLoader

File name: Fregne210.dan
File size: 21'743 bytes
SHA256 hash: 66b2ece35e932da2e31b97ad5b739c9234d2b8414229e429c9565c998feabc91
MD5 hash: 1b06f2d444a946a3234c784e70d7b613
MIME type: application/octet-stream
Signature: GuLoader

File name: injucundity.ste
File size: 22'069 bytes
SHA256 hash: e034a3c2f1dc4bbd95be0e635bdea0d88d85339efa1d9d0e00c5a476befb0a75
MD5 hash: 910e941fd2d4bd0874848dff37a31221
MIME type: application/octet-stream
Signature: GuLoader

File name: disassembled.ora
File size: 6'206 bytes
SHA256 hash: 35afa4cfc6ca999fb585eca4b2560c6c6ecaee216cc488d964ace905fb7c6db0
MD5 hash: aeeefd06619485bc78a7c89534d945c2
MIME type: application/octet-stream
Signature: GuLoader

File name: anaeroplastic.oss
File size: 21'031 bytes
SHA256 hash: 35a0b98f0f6b9462a932eb25edb015bad937a4d0aebb469a8ee2f33615347eba
MD5 hash: 1a4cb3aeb9ed11e2c45c6fb4d881f27e
MIME type: application/octet-stream
Signature: GuLoader

File name: cheerers.lau
File size: 389 bytes
SHA256 hash: d55f9755feb6fb3a4f6de1597e1d7c405abc802999d95d96980b0ca8137ca21b
MD5 hash: 4f0141e634aea8844a3ebc5d7e7862ae
MIME type: text/plain
Signature: GuLoader
Vendor Threat Intelligence

Verdict: Malicious
Score: 92.5%
Tags: injection obfusc virus nsis

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: adaptive-context anti-debug blackhole installer masquerade microsoft_visual_cc nsis overlay

Verdict: Malicious
File Type: rar
First seen: 2025-10-16T21:49:00Z UTC
Last seen: 2025-10-22T09:12:00Z UTC
Hits: ~1000

Verdict: inconclusive
YARA: 1 match(es)
Tags: Executable PE (Portable Executable) PE File Layout Rar Archive

Threat name: Win32.Trojan.Guloader
Status: Malicious
First seen: 2025-10-17 02:26:45 UTC
File Type: Binary (Archive)
Extracted files: 13
AV detection: 21 of 38 (55.26%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: discovery
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Legitimate hosting services abused for malware hosting/C2
Loads dropped DLL

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar, as well as against any suspicious process dumps those samples produce during analysis. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Detect_NSIS_Nullsoft_Installer
Author: Obscurity Labs LLC
Description: Detects NSIS installers by .ndata section + NSIS header string
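Two facts on this page are worth checking by hand on the extracted members: the archive listing reports `SHIPPING DOC INVOICE NO. USF23-24072.bat` and `System.dll` with MIME type `application/x-dosexec`, so the "batch file" is really a PE, and the YARA rule above keys on a section named `.ndata` plus the NSIS header string. The Python script below is an added example, not MalwareBazaar's or Obscurity Labs' code. It hashes every file in a directory, walks the PE section table by hand (so it needs no third-party module), flags PE files hiding behind non-executable extensions, applies the same two NSIS indicators the rule describes, and looks each SHA256 up in a small IOC set. The PE builder and the files `run_demo()` writes are constructed for the demonstration; the two hashes in `KNOWN_SHA256` are copied from the listing and the constructed files are not expected to match them.

```python
"""Triage of files extracted from an archive: hash, PE-behind-wrong-extension
check, and the two NSIS indicators (.ndata section + NSIS first-header marker).
The PE built here and the demo files are constructed, not the real sample."""
import hashlib
import os
import struct
import tempfile

# NSIS writes its "first header" into the overlay: 0xDEADBEEF (little-endian) + "NullsoftInst".
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"
PE_EXTENSIONS = {".exe", ".dll", ".scr", ".sys", ".cpl", ".ocx"}
# Copied from the archive listing above; the constructed demo files will not match them.
KNOWN_SHA256 = {
    "4b29564a5235875f5ec10225192b96ef4974287f1fcb5c69bacd516ff15cb315",  # ...USF23-24072.bat
    "bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb",  # System.dll
}


def pe_section_names(data: bytes) -> list:
    """Read section names from the COFF section table; [] if not a parseable PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    number_of_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    optional_header_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + optional_header_size  # section table follows the optional header
    names = []
    for i in range(number_of_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes, name is the first 8
        if off + 40 > len(data):
            break  # truncated table: report what is there rather than raising
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def classify_member(name: str, data: bytes) -> dict:
    ext = os.path.splitext(name)[1].lower()
    sections = pe_section_names(data)
    is_pe = data[:2] == b"MZ" and bool(sections)
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "name": name,
        "sha256": sha256,
        "md5": hashlib.md5(data).hexdigest(),
        "is_pe": is_pe,
        "sections": sections,
        # A PE behind .bat / .com / .sal is the masquerade the listing shows.
        "extension_masquerade": is_pe and ext not in PE_EXTENSIONS,
        # Same two indicators as the YARA rule: .ndata section and NSIS header string.
        "nsis": is_pe and ".ndata" in sections and NSIS_MAGIC in data,
        "known_ioc": sha256 in KNOWN_SHA256,
    }


def triage_directory(path: str) -> dict:
    results = {}
    for root, _, files in os.walk(path):
        for fn in files:
            with open(os.path.join(root, fn), "rb") as fh:
                results[fn] = classify_member(fn, fh.read())
    return results


def build_fake_nsis_pe() -> bytes:
    """Constructed minimal PE: DOS header, PE signature, COFF header with no
    optional header, two section headers (.text, .ndata), NSIS marker as overlay."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)  # i386, 2 sections, opt hdr 0

    def section(name: bytes) -> bytes:
        return name.ljust(8, b"\0") + b"\0" * 32

    return dos + b"PE\0\0" + coff + section(b".text") + section(b".ndata") + NSIS_MAGIC + b"\0" * 32


def run_demo() -> dict:
    """Write two constructed members (a PE named .bat and a text file) and triage them."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "SHIPPING DOC INVOICE NO. USF23-24072.bat"), "wb") as fh:
            fh.write(build_fake_nsis_pe())
        with open(os.path.join(d, "cheerers.lau"), "wb") as fh:
            fh.write(b"plain text consumed by the loader script\n")
        return triage_directory(d)


if __name__ == "__main__":
    for n, r in run_demo().items():
        print(f"{n}: pe={r['is_pe']} masquerade={r['extension_masquerade']} "
              f"nsis={r['nsis']} ioc={r['known_ioc']} sha256={r['sha256'][:16]}...")
```

Point it at a directory where the real archive was extracted (in an isolated VM) and every `.bat`, `.com` or `.Sal` member that starts with `MZ` will show `extension_masquerade=True`; the `nsis` flag reproduces the YARA rule's two conditions, so a file that trips it while carrying a non-installer name is exactly the pattern the vendor tags `nsis`, `installer` and `masquerade` above describe.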

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
rar 00750e91c7dff635ea7b16ed23c6209012457a26c135b24737ed5144bd6420c8 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: GuLoader

Comments