MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00d1510ab154eb7e4b09ee4ac915fab0577c5b516fd99375b19eab8eaebac4ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 00d1510ab154eb7e4b09ee4ac915fab0577c5b516fd99375b19eab8eaebac4ec
SHA3-384 hash: c6c7f9b2737ef9b3658ebf0efe92c7a4f96e206b155964be8b3468cd95dcb0bce76fb54d43c846c20342cc37ec22fd6d
SHA1 hash: 95f6a4861dd7934ff7dba1302272d5db7caecd88
MD5 hash: 28e9cb01d813b4fd252390a50a455e8a
humanhash: wyoming-kentucky-kilo-early
File name:PROSTIT.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-02 11:01:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b45f30c8b62272cd0f7e34db707438a0 (1 x GuLoader)
ssdeep 768:l6+Xudkq8BdYWY45FPvgPP+7zVB+BJRJI2uFlSTavf2qBV4DsdBtKuy+2LAZRbmh:c++dkq8BS2XnoP4zbmrJT24TERPb
Threatray 978 similar samples on MalwareBazaar
TLSH F473392EFE5D8165F40945705966C1A2BB29BC3214066E0F7305AE9BB871E87BCF2327
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: box.tfddggder.xyz
Sending IP: 192.236.146.13
From: ''Hui En Teng'' <info@tfddggder.xyz>
Subject: Re: Payment Breakdown for Consignment 14/05/2020
Attachment: Swift Copy000056.pdf.z (contains "PROSTIT.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=11NAZslAWBWkK1b4dFviELvvgWl48QHr6

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6053/
Detection(s):
Win.Dropper.NetWire-7993067-0
Create hunting rule

Win.Dropper.NetWire-7993073-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 18:19:17 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=adivccvrktvx4syj5zfmsfp2wblxyw2rn7mzg5nrt2vy5lv2ytwa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
05a1356768e4475daeebaae76e486705d2d920e7e4d511c1436ea3f9a650c1df
GuLoader
1403d5f33c1379c32f1cb03b1c72d317b81541532647386e7aef8ba51f4c18c6
GuLoader
57bb966172a1d6bc994a682ef5da9b8b8fdabef539f44024c7e9368e6416d457
GuLoader
63a5b27aaccab499d4e56d6606d9495484685be3f63817f9e90a61330bcffe38
GuLoader
95b7bbca4d924be150fb6858b8546d3386d44a8a589a7a60ab1a0961718ee84d
GuLoader
acbdc5ee4cfd910a6d94ffee791a5f62631bbf449ee4883bdd3ae6b705b652ee
GuLoader
b9a39d44f35f5b894ee479f2c6878d231911099512920ff5c494896bf6ec4f32
GuLoader
daa83b31dedd9baabaa012bf052e93e0b378fd00d7c8f8b18ddd8665e04aeb4b
GuLoader
f1f8f362f768269887febcea5bb11b4ece351b3c0b8be3682c6095fc9f3fcae4
GuLoader
faac07736e1c735a2b4028b9a77bcf0897944e3ce16977c61b6af1b45592d6b0
GuLoader
+ 968 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-cnyv2cly6s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 8841216b857bcc06db75da75377860dec8c9db8a803859dc1a13a5bf8a074702

GuLoader

Executable exe 00d1510ab154eb7e4b09ee4ac915fab0577c5b516fd99375b19eab8eaebac4ec

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/372236/
  
Dropped by
MD5 47976c4c6428cb7cd535562d241a9207
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6053/
  
Dropped by
SHA256 8841216b857bcc06db75da75377860dec8c9db8a803859dc1a13a5bf8a074702

Comments