MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e67a756fae287327df087026a90555ce7c261730aae3d95073164169e8e9d97. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e67a756fae287327df087026a90555ce7c261730aae3d95073164169e8e9d97
SHA3-384 hash: 5aad6277a464339b715c28a42951de0a888befac54befe3827fca71f2fc4919e659e05f0f597f62df2d8b9863db1ba64
SHA1 hash: 008b341ed9b702a7fa95cf9d215b573393cb7667
MD5 hash: 1e73e1aa55106b523ecfcc268bb980c9
humanhash: double-xray-eight-hot
File name:ENQUIRY-21703.PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-05-12 16:08:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 89bb4b7afaa479bbb09935f9c22223da (1 x GuLoader)
ssdeep 768:aYFzL/jxDc92qx1kkrYHG9G59bVsNbR1pdyw+89jEvHzDwzsryE2Z:zDx701rrYm9G59onjNR9YvH7SZ
Threatray 247 similar samples on MalwareBazaar
TLSH 7F835B1DB464E5B3DB418DF16B6163A9050E7C3019C5CB07B4C2BB1E2AF6B52A921B2F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: linux977.grserver.gr
Sending IP: 185.138.42.16
From: Gianluca Cardarelli <janet.awoseyin@nsiainsurance.com>
Subject: PO_NO.ENQUIRY-21703
Attachment: ENQUIRY-21703.PDF.arj (contains "ENQUIRY-21703.PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.48724.4037.1481.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 10:09:00 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bzt2ovx24kdte7pqq4bgvecvltt4eyltbkxd3fihgfsbnhuotwlq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1b00cf03f26724d9e9cff35a8d3d2e42f2518827e9564513b348fc163de153b6
GuLoader
408e38b4d81de63e5762dcb8024f81360b426429821f9934b087aa0a6b44c56f
GuLoader
61e4815609e7e61d192053a312222c33982898384568b4a217ec4602b5e1952f
GuLoader
7e5b0829c6ff31260033e79d4172ef09efa4c6667a99c97b8ec82d614a68a241
GuLoader
9936263d7a358e5113b0ba284d8c321c2bfd9510cf4213c7ad5b5fd6b54db9ed
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
bb38441f00e31c053e8b96617edb3125104e243f5409757a3ada8d9977fd2c34
GuLoader
c7126e6559d14c8a6e6502c038b71d2748ea77b6b977134615043e1576770818
GuLoader
db8c0d21cf315034515bd28e49435e6cde73954c992c3a5528417019e9b25526
GuLoader
dec9d864332aed8fa899cbbfa85ffb4404744257be8c7bd8ab0a6464df226acd
GuLoader
+ 237 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-8dqabpkzsx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj f0dcbff3060fe2ad7c18acc46eb21e97eeb16b2f6c0bab484511f35695e5cc54

GuLoader

Executable exe 0e67a756fae287327df087026a90555ce7c261730aae3d95073164169e8e9d97

(this sample)

  
Dropped by
MD5 1d0f4f03b50957be4853deb4803fc286
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f0dcbff3060fe2ad7c18acc46eb21e97eeb16b2f6c0bab484511f35695e5cc54

Comments