MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c573ee53e9f48e54bb4761f23a3abb8ec55d088b298209eca19f56735c27214. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c573ee53e9f48e54bb4761f23a3abb8ec55d088b298209eca19f56735c27214
SHA3-384 hash: 588e091938f6a7f3e8a30b1e6202ce047570b361fd9832454240e6f222cbe296fbb3aa353132518d1d7c4ba6b424a525
SHA1 hash: 9aa48e55ed59370900ac5a0f9f12b819204fe552
MD5 hash: 74668c0b30721c869a0c7cc8365301f1
humanhash: mirror-angel-lake-spaghetti
File name:#068, Invoice 1.xlsx
Download: download sample
Signature GuLoader
Create hunting rule
File size:182'942 bytes
First seen:2020-05-08 10:59:24 UTC
Last seen:Never
File type:Excel file xlsx
MIME type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep 3072:/3bUyMfGSqY3jXkp/pk5xoGbBvjGvvTRCbY47HeuMdiRi7yLlXxz1qH3r5yhYu1:/3bUywGfYTXYhWx/bcvSPHerdiRHLlXf
Threatray 83 similar samples on MalwareBazaar
TLSH 5B0412C39152EBECCB993A79D1F82D94937E1FDD1D301933D514E008A4AB9DB098E62B
Reporter cocaman
Tags:GuLoader xlsx


Avatar
cocaman
Malicious email
From: "Noel TSOI" <zhengwei@hengsen.com>
Received: from aradiod.co.za (unknown [37.49.230.247])
Date: 8 May 2020 12:46:27 +0200
Subject: RE: Urgent_Confirm Invoice details for Payment
Attachment: #068, Invoice 1.xlsx

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27429.XmlHeur.Autoload.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Malware.XML.Autoload-1.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.EQAndMisCasedOleNativeWasTheCaseThatTheyGaveMe.20200215.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Document-Word.Exploit.CVE-2017-11882
Create hunting rule
Status:
Malicious
First seen:
2020-05-08 16:05:54 UTC
File Type:
Document
Extracted files:
19
AV detection:
16 of 31 (51.61%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
03acd465f7023bd71c2eb105b5b78a377bdeff030fa56c85d0163411d9413d6b
GuLoader
06c7ed157b8e8698cfe7d757ee664ebcdb3b4c3625609f6fd2aa79893df51be2
GuLoader
234acaae49590b6d24649d27e945d4eb2bb186f6fae95f8aa4b07457ee9778e8
GuLoader
25e7a047b79eb049df4b60224a2812a80a7fafc54ff789abc84ee7154a887a3c
GuLoader
3ad218dd82f514c03cd3c157a51a6bf3e082d300e6ba02169e78cdd9a7f34845
GuLoader
a3b71dfc0235bd33cd7d9d05db130acc2d4d4852522279aab9ceb5ea9f3d0ca9
GuLoader
aa9edd5569fc2940680fdec96cbeddd523ffe907acfabaf5db1e9283f7f227d9
GuLoader
ad8a37712f8cacb5def3dc81a53358ad76ef3800ef3e4fc3d151f17e594d93e8
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
cbe345880baebbc56c019721184c56577bccf0b66091b09f90163646f0bc7af7
GuLoader
+ 73 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-5k4c5tt4ls/
Behaviour
Enumerates system info in registry
Launches Equation Editor
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Excel file xlsx 0c573ee53e9f48e54bb4761f23a3abb8ec55d088b298209eca19f56735c27214

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments