MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35787807345e104b2fc93883c3d54925d876b4c6a03153110acd9cf86f655459. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 35787807345e104b2fc93883c3d54925d876b4c6a03153110acd9cf86f655459
SHA3-384 hash: a789e0f433a27fb973caca3ba21534d948c96fab5727dad2e4346901c28cd68cbebb3c2aba68c75aa88facaa71515852
SHA1 hash: 42c3203593d4814c8f14b6b706b7009f226e2eb7
MD5 hash: 6b7ebf98238c64023780fe69743da21d
humanhash: alaska-coffee-avocado-one
File name:Payment_Slip_2020190002602329.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:53'248 bytes
First seen:2020-05-28 13:52:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 15c4054e03b12e08a1b17a024078c370 (1 x GuLoader)
ssdeep 768:ZQeVfWGZg7Pz4lihPd2g+8Y1Vb5ENmC1amAgOciaWHKJIp:ZNVrg70if1YTwmC17A/DaWHxp
Threatray 897 similar samples on MalwareBazaar
TLSH 65333A23FA685013F24A46B1AE22D9D17D377C325A018E1B2A81FE6C5875D83B4F671B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: host130.cityonlinebd.net
Sending IP: 113.212.108.130
From: admin.itax2@kra.go.keĀ  <admin.itax2@kra.go.ke>
Subject: Successful completion of payment registration
Attachment: Payment_Slip_2020190002602329.zip (contains "Payment_Slip_2020190002602329.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1N8EyzMe4Ew_jAHmVr_vmlyMkeUvV7TUH

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5876/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 14:36:01 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
18 of 48 (37.50%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
229d8d98a701a24e93b4e374092a5ce767fb859ffbc243cea9c1486b871dd4fb
GuLoader
26f2158d9837aa986e3d69b6cb3df0ea039d0434cd504c2911ad9788bbbf7715
GuLoader
3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
GuLoader
6785ac0d25c3b5a7fa54aa4df7d2a00611305c06b51f1d5d4fb27d1ff2ccdba9
GuLoader
7e8e1de7b35bbdd1e9a7aedaa1e3e73602e778768052474e7e56140baaf85e37
GuLoader
7fcf92c7dcd71c8dd4d0b073877afb90075305390ccf6e3a50ca598211e0469f
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
cee8a845815daa1914a89033be9f89287fab6194e8b8b700ec058013d6fa8c54
GuLoader
d98c94265a32705781c3702b0c93298fe71325cc0d3b8ee5b59a469b412e5263
GuLoader
e35d5297a515ddf23ac671f6110bb8f01a590e13d45dbeae5e96e0be414236b5
GuLoader
+ 887 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-44frq5jbes/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip a8bc9efd646596c1285ac7c27ae2e5ddd80ca3ace9cc00a8a238f2eb426b442d

GuLoader

Executable exe 35787807345e104b2fc93883c3d54925d876b4c6a03153110acd9cf86f655459

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/371159/
  
Dropped by
MD5 246ade217932222503a21ac4e6b0be50
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a8bc9efd646596c1285ac7c27ae2e5ddd80ca3ace9cc00a8a238f2eb426b442d
Cape
Cape
https://www.capesandbox.com/analysis/5876/

Comments