MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 373a778ae1a96ec5470097f7dcda115ac9b48ff1e646f37837a2547c10af2cd3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 373a778ae1a96ec5470097f7dcda115ac9b48ff1e646f37837a2547c10af2cd3
SHA3-384 hash: fc1e92e0049b951646af430c306250fd467f0dc67d1ecc9dc2ce304b19d7c195a33e6170fd8b8553354b1e26134ab7b6
SHA1 hash: cfef430197a14db832823a176c123369001bb387
MD5 hash: 2f6614a10b2c10918727c959ef9eb7b4
humanhash: beer-jig-cola-yellow
File name:purchase order 23446561211,pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:636'418 bytes
First seen:2020-05-12 15:53:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6fdb6582a7ed7bc3a903f8ac6afaa8b6 (2 x GuLoader, 1 x RemcosRAT, 1 x Locky)
ssdeep 12288:RUG6PYmeggdMewpidOBelXEUsYYUV+c40RTjwCtoBSiyif:uUmYdMewpiABqE7YYUVnRTjhtyfyif
Threatray 1'086 similar samples on MalwareBazaar
TLSH 0DD47D63F1D08672D03B1979AC1B9FA859267E213E28A84A7FE43E4C4F77381743A157
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server2-ip13.mailsentinel.net
Sending IP: 111.90.139.20
From: OSSCA Co., LTD <ossca@ossca.com>
Subject: purchase order
Attachment: purchase order 23446561211,pdf.iso (contains "purchase order 23446561211,pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Delf
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 01:13:00 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g45hpcxbvfxmkryas735zwqrlle3jd7r4zdpg6bxujkhyefpftjq._file
Verdict:
malicious
Label(s):
remcos
Create hunting rule
Similar samples:
36350904b065500f429e6b2af0c4a1ec835352fed15cad40f07760aede4fcd47
GuLoader
667d35d2cff2979ca84df0afe1eca6c164e1d919b989e16b97166c7a30c77a87
GuLoader
6d6c5f16e0a786ca6fd218be24a98fe8ea46b6d73fa77a84e31b22717d81aad8
GuLoader
738ea925d9f26dc03c18efd41de5e310285a36eef0147e7767a25dcf3fb1b24d
GuLoader
935c11f10c7a7c010146c7d289b54c67ed4261e70afdea8522e7af41deaebdf3
GuLoader
93c327b46d6354a91a9b20311a2f1e1873e132765816ec26443eb1971ccd2946
GuLoader
af1cf572150e95fd75306a13eb3d2306e1e1fb4ef6c238f53f30f2525389e07b
GuLoader
b8a03fd14b3a3695af8b6c781eb946214a98986279678c6b2a477f22ba1ac3cf
GuLoader
f58206c0e3f90670105f3d92f49e4f3e4dd36970697f24de762862f24ea130cf
GuLoader
f9441d3651d67748ec1a2fd325ea1aa9d914208c7fae0853e5b769e52e66ccb8
GuLoader
+ 1'076 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hey2jml2ln/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

e5a9b272bf162970911e581eef1016e0

GuLoader

Executable exe 373a778ae1a96ec5470097f7dcda115ac9b48ff1e646f37837a2547c10af2cd3

(this sample)

  
Dropped by
MD5 e5a9b272bf162970911e581eef1016e0
  
Delivery method
Distributed via e-mail attachment

Comments