MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37f99fd8cd0da50db89ff0b8fa05029e283aa5ac0cb8770dd17514dbf760f744. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 37f99fd8cd0da50db89ff0b8fa05029e283aa5ac0cb8770dd17514dbf760f744
SHA3-384 hash: de2568ad51f31a85526c49f8c774880d561ebe407f215f5270b6ed1c4bf61331f43632e634c2e769df5c6844448bfd1f
SHA1 hash: b0868dd8360521db6ee4de9ec687c3a9ef7975ed
MD5 hash: b6461a0e92c679eb19b596a4f196cf86
humanhash: triple-aspen-stream-freddie
File name:QuotationRequst#0882020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 08:56:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e69a7691192b19a99fd32b513974a4b7 (1 x GuLoader)
ssdeep 1536:GFeFH/bkEoMSSCCl2O++dlR2MBKOpOQcM/ZJcPJNi5N8bQk7bg:6QxotBCe+dlR2YhXn5tk70
Threatray 279 similar samples on MalwareBazaar
TLSH E4C3181778C88CA1E82C4FF11C6B5AA35E26BD2579900F2B364AFB5D21361CA3DF5709
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: advantec-japan.co.jp
Sending IP: 160.20.147.182
From: Noli Ramos Calimlim(カリムリム ノーリ ラモス)<n.calimlem@advantec-japan.co.jp>
Subject: quest for Quotation (Targets and Evaporation Materials) and Manufacturing Details
Attachment: QuotationRequst0882020.zip (contains "QuotationRequst#0882020.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=46B98FE6F0D79519&resid=46B98FE6F0D79519%211842&authkey=ANcfRm-0LjxFJQY

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
NanoCore
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5655/
Gathering data
Threat name:
Win32.Trojan.Bitrep
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 08:02:47 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
06ff22b8f0ffe174b0272b21ed6e0761671398e1c7a3e60dc0f5db55fa156193
GuLoader
09838078bc786269db65986e324234d647ff0154b07565e59bdf34f5f72d650d
GuLoader
1d4bd4bcfe5f31f317eabc6780b91c1499f4dfc22025cfa6eeec3bc188207dc3
GuLoader
3af2afa3c74278d68dad4e050909855198bc8e2603638effadf38221b6b976ca
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
70e8b249ce476ea3ff1c233de9eef9b9f1e2ad1da22c1bb3e16acc20eaa0e9a2
GuLoader
bd7d25a9958f0455c03a169c21ecba511a0ce5a43d528f8c3fdce782e4b31834
GuLoader
c52ca2d3f581c0f1149d3538a985bb896755356d0c00abc546c142accaf0015d
GuLoader
e7ef14cf9416e9962ca7398e2d9890a5c0dcc92952cf27bf00a61880a8551228
GuLoader
fbaaf4a20caaded35148803f10962ddbb81270216842b817d0a961e5be13c405
GuLoader
+ 269 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hpfn1adfdj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 690a0e008b5610b1dca0def0094817689a7d506eb397662db11644867528d969

GuLoader

Executable exe 37f99fd8cd0da50db89ff0b8fa05029e283aa5ac0cb8770dd17514dbf760f744

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365781/
  
Dropped by
MD5 ab21e5b6c3fed30e54eda5f2efa85fdd
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 690a0e008b5610b1dca0def0094817689a7d506eb397662db11644867528d969
Cape
Cape
https://www.capesandbox.com/analysis/5655/

Comments