MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0afe73609922b94ffb25f673db3b621befab30c7f52cd586497b63f8154dbd6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0afe73609922b94ffb25f673db3b621befab30c7f52cd586497b63f8154dbd6d
SHA3-384 hash: 362ae11864366b3f8ade3b600717c54ac2893491cbc5d71d431839546316a6ec6292c37565213a24a7db6a3b8565ec7a
SHA1 hash: 745a3f85332e6613fc21d5f9b6017c0d67bbeae3
MD5 hash: 2dba676e2a87d3383ebc404845b604fb
humanhash: oxygen-seven-echo-carolina
File name:Remittance_90523_03.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:184'320 bytes
First seen:2020-05-28 13:14:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3ed0576492c7037091b76e3e7bf8d371 (1 x GuLoader)
ssdeep 1536:qeMYxfHc0pt3Zx9e8B5DWbvLCZQaOAE8GAzjmTTRktTir3X8Ty:frxfTptpxU8fWDLCTvEWzyTa6
Threatray 5'647 similar samples on MalwareBazaar
TLSH B8042925B656CCA5CE600374D8E1D4F46921AC18CD2B8A2B37E07F3E76795CB9D29332
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mola.com
Sending IP: 173.82.106.44
From: Accounts <hang.tuong@deltamarin.net>
Subject: REMITTANCE ADVICE: IF01200022823419
Attachment: Remittance_90523_03.rar (contains "Remittance_90523_03.exe")

GuLoader payload URL:
https://qif.ac.ke/flow_AoGPhiVz245.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5853/
Detection(s):
SecuriteInfo.com.FileRepMalware.19961.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 09:57:05 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
1e997f4144eb94f184308c7ebe6dbad709cf7151721c563e43a92d52539d4e1d
GuLoader
65d993ca9f1fffaa634838468d8f9401f7f2812aa75065e9805447db5b667720
GuLoader
7e93dde14915a790ba530c8df9aafdca662a2372210036abeeee86b9b7cb5c4f
GuLoader
895e7e85e398a6bd3615a8453c1ed21979a2676fa84af0e53077635f812b64fc
GuLoader
b3ffcbb8279a9fd2b833c99170fd8cf01f9b5209617840dd8cc4411989d5e479
GuLoader
b8ee3458736fa73672b43a4c55e136bafc48b215dcb89dac28b5865ab59fc99c
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
e09c2eb3f06cc722f1035d501755645c3feb569441f465ae3ba69aa4aba6ffa1
GuLoader
f708f99bcb86bc017f5b34435a241cb77fa4bc4c37d47b85f1ecc43e9ddc365c
GuLoader
+ 5'637 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-2ydvpjx8zx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 81f54e904ad8bbee5801be7607b98112dcf14241d0b96d1b85c85596c129c350

GuLoader

Executable exe 0afe73609922b94ffb25f673db3b621befab30c7f52cd586497b63f8154dbd6d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365459/
  
Dropped by
MD5 fc1b753b89ccbf9c5c2bc160cbd4ab8c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 81f54e904ad8bbee5801be7607b98112dcf14241d0b96d1b85c85596c129c350
Cape
Cape
https://www.capesandbox.com/analysis/5853/

Comments