MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11de084924b529df84b9c2c04845a186f10c8a0475e34f6eb379d949f35756fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader


Vendor detections: 4



SHA256 hash: 11de084924b529df84b9c2c04845a186f10c8a0475e34f6eb379d949f35756fe
SHA3-384 hash: 93e23f5f698ab85bd13d8b0123abc414b54e295fe38d5c46f8a99d5918a3d9fbc0a097855140b51cec626de3262b78e9
SHA1 hash: cf15b094b55c3d26db0eb7421c7965f654d5aeec
MD5 hash: 7c153693b7ab4dd7f06aa7ef38c5d6b2
humanhash: utah-beryllium-shade-green
File name: PO LIST AND CUSTOMER CONTACT DETAILS_pdf.exe
Signature: GuLoader
File size: 135'168 bytes
First seen: 2020-05-12 16:30:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3e18bc95d74783d071881498552ca15c (1 x GuLoader)
ssdeep: 3072:85BDdcxIHa9r2AyaIo7qrFE/aekMMwIrRsJuSfWlamhs/hxzsMayxiqZedQc/ERq:85BDd
Threatray: 658 similar samples on MalwareBazaar
TLSH: CAD37447F260FB16C31110F177A916EA86EC9D38A9A4C553E7C072EE67B9B05E432393
Reporter: abuse_ch
Tags: exe GuLoader
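The hash block above is what a responder uses to confirm that a file in hand is this exact sample, and the imphash line is the pivot that groups it with other GuLoader builds. The script below is an added example (not MalwareBazaar or abuse.ch code): it computes the four digests listed in the entry and checks them against the IOC values copied from this page, and it reproduces the imphash normalization that pefile applies (lowercase, strip only .dll/.ocx/.sys, resolve ordinals where a table is known, else "ordN", MD5 of the comma-joined list). The ws2_32 ordinal table is a deliberately abbreviated subset, the import table and the stand-in bytes are constructed for the demo, and none of them come from the real sample.

```python
"""Added example: recompute a MalwareBazaar entry's fingerprints and the imphash pivot."""
import hashlib

# IOC values copied from the database entry above; the sample itself is not embedded.
MB_IOCS = {
    "md5": "7c153693b7ab4dd7f06aa7ef38c5d6b2",
    "sha1": "cf15b094b55c3d26db0eb7421c7965f654d5aeec",
    "sha256": "11de084924b529df84b9c2c04845a186f10c8a0475e34f6eb379d949f35756fe",
    "sha3_384": "93e23f5f698ab85bd13d8b0123abc414b54e295fe38d5c46f8a99d5918a3d9fbc0a097855140b51cec626de3262b78e9",
}


def fingerprint(data: bytes) -> dict:
    """The four digest types a MalwareBazaar entry lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def match_iocs(data: bytes, iocs: dict) -> list:
    """Names of every digest in `iocs` that matches `data`.

    Compared case-insensitively because vendor feeds disagree on hex case;
    one matching digest is enough to confirm the file is the indexed sample."""
    fp = fingerprint(data)
    return [name for name, value in iocs.items()
            if name in fp and fp[name] == value.strip().lower()]


# Assumption: abbreviated subset of the ws2_32 export ordinals. pefile resolves
# ordinals it knows to names; anything else becomes "ordN" in the imphash string.
WS2_32_ORDINALS = {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
                   23: "socket", 115: "WSAStartup", 116: "WSACleanup"}
ORDINAL_TABLES = {"ws2_32.dll": WS2_32_ORDINALS}


def imphash_string(imports) -> str:
    """Build the normalized 'dll.func,dll.func,...' string that imphash digests.

    `imports` is a list of (dll_name, [function_name_or_ordinal, ...]) in
    import-directory order. Order is part of the fingerprint: the same APIs
    imported in a different order give a different imphash."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):      # only these extensions are stripped
            lib = base
        for func in funcs:
            if isinstance(func, int):                  # import by ordinal
                func = ORDINAL_TABLES.get(dll.lower(), {}).get(func, f"ord{func}")
            parts.append(f"{lib}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """imphash = MD5 over the normalized import string."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


if __name__ == "__main__":
    # Constructed import table with a typical downloader profile; not the sample's real imports.
    table = [("KERNEL32.dll", ["LoadLibraryA", "GetProcAddress", "VirtualAlloc"]),
             ("ws2_32.dll", [115, "connect"])]
    print("import string:", imphash_string(table))
    print("imphash:", imphash(table))
    # Constructed stand-in bytes, so no digest matches the page's IOCs.
    print("matches page IOCs:", match_iocs(b"MZ constructed stand-in", MB_IOCS))
```

To check a real file, read it in binary mode and pass the bytes to `match_iocs(data, MB_IOCS)`; to compare imphashes with the entry, extract the import directory with pefile (`PE(path).get_imphash()`) rather than hand-listing it, since the function above only reproduces the normalization rule.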


abuse_ch
Malspam distributing unidentified malware:

HELO: server1.arsari.co.id
Sending IP: 43.252.137.130
From: BOVIET SOLAR TECHNOLOGY CO., LTD. <marketing@boviet.com>
Subject: RECENT BUSINESS DEVELOPMENT:PO_TSY 3519,7422,7341 // EUROPE SUPPLY
Attachment: PO LIST AND CUSTOMER CONTACT DETAILS_pdf.rar (contains "PO LIST AND CUSTOMER CONTACT DETAILS_pdf.exe")

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-12 16:36:44 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    Executable exe 11de084924b529df84b9c2c04845a186f10c8a0475e34f6eb379d949f35756fe (this sample)

Delivery method: Distributed via e-mail attachment
