MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e997f4144eb94f184308c7ebe6dbad709cf7151721c563e43a92d52539d4e1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1e997f4144eb94f184308c7ebe6dbad709cf7151721c563e43a92d52539d4e1d
SHA3-384 hash: 8d6e0ad3e755b36cedc06933afa781b10d32ef3d1560e4524479e3ece3a5e8b685deccf072b928ff883ecd25eb9e21be
SHA1 hash: db0fe8406888082235b07055cab6f4f504cc1a2b
MD5 hash: ced386ac1c6f3c6ccd513e7d31f5dc47
humanhash: kitten-wisconsin-timing-arizona
File name:SC_TR11670000.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-21 10:29:25 UTC
Last seen:2020-05-21 12:25:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b6372e4f026d38b9422759b7dbc6aa51 (4 x GuLoader)
ssdeep 768:z2xAFXYujhZxf0gUb3EthvUqdN/B8oMJ1ff0t+nJZhlmAlF/0:qxAFXY03fREEHJNIfQYlmuq
Threatray 5'114 similar samples on MalwareBazaar
TLSH 64A3FB21FB95ADE2CA288EF15CA547A9115FBCA15D018B0B71CB772D2533F82EA70347
Reporter abuse_ch
Tags:exe GuLoader SCB


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: hyperion.1my.net
Sending IP: 202.75.35.117
From: "Standard Chartered BankĀ "<AdvicesMY@sc.com>
Subject: SUBJECT:Advice from Standard Chartered Bank
Attachment: SC_TR11670000.rar (contains "SC_TR11670000.exe")

GuLoader payload URL:
https://qif.ac.ke/flow_AoGPhiVz245.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaF.34122.gm0@aKCFCai.13375.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 10:36:45 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=d2mx6qke5okpdbbqrr7l43n224e464kroiofmpsdvewveu45jyoq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0afe73609922b94ffb25f673db3b621befab30c7f52cd586497b63f8154dbd6d
GuLoader
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
GuLoader
65d993ca9f1fffaa634838468d8f9401f7f2812aa75065e9805447db5b667720
GuLoader
7e93dde14915a790ba530c8df9aafdca662a2372210036abeeee86b9b7cb5c4f
GuLoader
895e7e85e398a6bd3615a8453c1ed21979a2676fa84af0e53077635f812b64fc
GuLoader
b3ffcbb8279a9fd2b833c99170fd8cf01f9b5209617840dd8cc4411989d5e479
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
e09c2eb3f06cc722f1035d501755645c3feb569441f465ae3ba69aa4aba6ffa1
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
+ 5'104 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-rg9vtsmtf6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 933453b6f9c4fab12e01871f6a14ebb3c8c0cf1862a6b2c740cfa326d1af04c5

GuLoader

Executable exe 1e997f4144eb94f184308c7ebe6dbad709cf7151721c563e43a92d52539d4e1d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365459/
  
Dropped by
MD5 72807ea76d0bbbb65a81a1c0d67016bf
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 933453b6f9c4fab12e01871f6a14ebb3c8c0cf1862a6b2c740cfa326d1af04c5

Comments