MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38b8d9983df22426b89c88131a63c57734d358c79b08ab51feb813f7f980409b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38b8d9983df22426b89c88131a63c57734d358c79b08ab51feb813f7f980409b
SHA3-384 hash: 09050f31b20427153ccbe8b9d0fbf3bb4fcfb696a61d8decf7460a6409ef4096b1ede5fc07b4bc4132612caf68caac40
SHA1 hash: 157c356a230ad6cce8626a26eb406adf986cbaf6
MD5 hash: 42ddcc0bffe3c8d8ee579e65642378da
humanhash: aspen-lactose-bakerloo-ack
File name:INQURIY_QUOTE_20200521001.XLS.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-21 10:32:33 UTC
Last seen:2020-05-21 12:24:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8056973a74ed753d0e571441004c1b44 (1 x GuLoader)
ssdeep 768:VEkvDhBM8X2nxh6yIwDmTr/UqVQfsavjsVxLYoNUtNvdw46S3p6I:tzM8Gn36yI0mTLnavjsEoWZcSAI
Threatray 122 similar samples on MalwareBazaar
TLSH 46A33B227ED4DC43DA0489F14DAB4ABD302FAD7429168A0737DBBB5C2533A82E57530B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: timtex.com.cn
Sending IP: 193.29.187.182
From: Nicki Zhao <yanok@timtex.com.cn>
Subject: inquiry_quote_003246
Attachment: INQURIY_QUOTE_20200521001.XLS.r00 (contains "INQURIY_QUOTE_20200521001.XLS.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1mKijwcuY0LRdWG9dG2CsvPeJmeIcz5_7

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis42DDCC0BFFE3.25043.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 10:36:51 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0c80fa8807477cff8c9c3ed7b2a857538f022b1e8829020d09f60bd71f1afd9a
GuLoader
1c6c9635f0c01cc93b504293351215058cf9ef8b62ca38ce71012a4875fbe0a4
GuLoader
1f3842bc152088bc10de6e14adabf860902dee318375a6567e0b85a9faaed1f0
GuLoader
34b5489e0ec8a910e23c438abd532e63246597152ec0e14050c16461eac6baad
GuLoader
5978884a07ea7559941ec2a1ce86e08e4be36a9aae9d535f58021602b24cdaba
GuLoader
ad902bad9f459a31e657fe826869a611507af41776e323f285809a58e5f1172b
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b82709866f3f2651a08e22ef94f52526e666a9e030cf7ff605375567e02d3121
GuLoader
f06047b09abc77529969c5949deda36ff154539d1b9ed8942c22fbb307d8aac9
GuLoader
f473938086334f7e6877e53b350339f11cfcc87ba10ec04a17bccfdf4d47a301
GuLoader
+ 112 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-7d18lx1raj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

r00 f8b65210c84ce89d6da36df0281201b6f6884af458376c4ee19c1668c1fd83a7

GuLoader

Executable exe 38b8d9983df22426b89c88131a63c57734d358c79b08ab51feb813f7f980409b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366134/
  
Dropped by
MD5 f80f263db7dcdafeee6f3363494e22ea
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f8b65210c84ce89d6da36df0281201b6f6884af458376c4ee19c1668c1fd83a7

Comments