MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38d18cd2973bf872b3baabd7cc323741f8bd0c660bf9cfc91ddbb237f4618005. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38d18cd2973bf872b3baabd7cc323741f8bd0c660bf9cfc91ddbb237f4618005
SHA3-384 hash: 58ad21f63e635cc2eb89023beb82963bd69ba8b38bc7d5e91d32c4831b7dc9cdceb6e07bcc7b19bf6c23b96d7dba5cf9
SHA1 hash: 95ca1af9a1a06cb6f9484bf06c9b0bf0ffbc532c
MD5 hash: 6de31ab0b84c12917b6829de119e9083
humanhash: monkey-yellow-tennessee-georgia
File name:Deposit slips 5-6-20.xlsx
Download: download sample
Signature GuLoader
Create hunting rule
File size:230'006 bytes
First seen:2020-05-06 12:48:08 UTC
Last seen:Never
File type:Excel file xlsx
MIME type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep 6144:/TCATMT3alggHMYAORD9oMcYXjSVCPAs6hjdugakGn8:VIT3a0GRDWRYcj2kP
Threatray 61 similar samples on MalwareBazaar
TLSH 4C2412E28B93657FE3594078A1E921885B332A006A361DF835D1DF758C7F4A12ACD7CE
Reporter cocaman
Tags:GuLoader xlsx


Avatar
cocaman
Malicious email
From: "Diana | ESB Supplies" <diana@esbsupplies.co.za>
Received: from huataogroup.com (unknown [37.49.230.247])
Date: 6 May 2020 13:44:10 +0200
Subject: PAYMENT DEPOSIT SLIP
Attachment: Deposit slips 5-6-20.xlsx

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27429.XmlHeur.Autoload.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Malware.XML.Autoload-1.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.EQAndMisCasedOleNativeWasTheCaseThatTheyGaveMe.20200215.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Document-Word.Exploit.CVE-2017-11882
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 13:31:13 UTC
File Type:
Document
Extracted files:
19
AV detection:
15 of 31 (48.39%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
2a2329959145b50cb16c5a953ae21be4f5a6a41673991d50f2012398b3abee8e
GuLoader
3700f2c5fe27c80e41984b2a55f236655a09f0781c05b265bccb26165318d78a
GuLoader
9d46a97f288bd037918b0ba5c374ed392388d7f6de7e93f2289d44c70982b5ce
GuLoader
af86c7d38b436ded683e7a304f9200312aaa8e283c31de972bfabcd87a857a1b
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b920d1987e381d9b0944672e76d927fc6e1dc90173990aa1143a1029da87d9f5
GuLoader
d4d5cdb9d12362b131de0348342451afd270d320e57cd956991945a61d2013f6
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 51 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-sbjc899sfx/
Behaviour
Enumerates system info in registry
Launches Equation Editor
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Excel file xlsx 38d18cd2973bf872b3baabd7cc323741f8bd0c660bf9cfc91ddbb237f4618005

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments