MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 258d02775433a3a48ef0934c2057ee2924b3670191992dee4e7a4e9ba354dc5c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 258d02775433a3a48ef0934c2057ee2924b3670191992dee4e7a4e9ba354dc5c
SHA3-384 hash: 48844f1a5718ac6f25aa75de0d99f0977fd9552cd1833fc37da85f64109a9cfe79ced2b857b926e09944094324ae6331
SHA1 hash: 858bc11ea237e76c9d0ea416094b93790727e9b5
MD5 hash: f813673384bf271f6d3f8e7fc7375d66
humanhash: rugby-bakerloo-edward-music
File name:TUTTO BELLO LLC OFFICIAL MEMORANDUM.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 15:59:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 202ea1d634e9bcbfd5b68f9fa0a87630 (1 x GuLoader)
ssdeep 768:Ffo24wFCxFmMzxXKtLwnO/E9HFoaZEWw73tw4hgcf6HS3:FXMr9xXKcsEoakdw4hNN
Threatray 828 similar samples on MalwareBazaar
TLSH C2933A92B6E4E522E6154FB06BBA9B6A015BFC301D92CC0374D43F5D2A33B5BB52131B
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: sg2plwbeout19-6.prod.sin2.secureserver.net
Sending IP: 182.50.144.44
From: Nurlan Safarov <Nurlan.Safarov@TUTTOBELLO.AZ>
Subject: TUTTO BELLO LLC OFFICIAL MEMORANDUM
Attachment: TUTTO BELLO LLC OFFICIAL MEMORANDUM.rar (contains "TUTTO BELLO LLC OFFICIAL MEMORANDUM.com")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.45780.14991.15616.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 03:16:55 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ewgqe52ugor2jdxqsngcav7ofeslgzybsgms33sopjhjxi2u3roa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1ca43e5c33edbf126b18cd7603f5674dc45c9aa2d34efa41796a8f0f9a08b947
GuLoader
3939a9494bb1636232937e57243c7c362fc9c08a0f9944509b60cde9943993e9
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
9be235495bd4696901a7e0538b3d96f6996268c67c1b607cdc8e33a794a6a9da
GuLoader
b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59
GuLoader
d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
f02253cc15ef8590d38f2c623609c3d462c2352da4aab698b3959c8ba4ced4e7
GuLoader
f5f509cbd11ce2cca22d0f3a50468a9403e63ec9b1542eabbb1d265ae4d6b453
GuLoader
fff7d8c78dd6f34509bde90ea015593f8e2fce0b0022899f96982f0772c6b9b2
GuLoader
+ 818 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-dglne38kxn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

bab844aeb922b47cac16de89cc669996

GuLoader

Executable exe 258d02775433a3a48ef0934c2057ee2924b3670191992dee4e7a4e9ba354dc5c

(this sample)

  
Dropped by
MD5 bab844aeb922b47cac16de89cc669996
  
Delivery method
Distributed via e-mail attachment

Comments