MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 396c661ffc736d98af8dfbb324b5a67ec3feb379579969b22b6ffc61d60e4ef4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 396c661ffc736d98af8dfbb324b5a67ec3feb379579969b22b6ffc61d60e4ef4
SHA3-384 hash: 6213dc727d8935ee335ae0a733b0aade0f352a07a92c62932cdbc48fb2b1001df3b20230e54eaee61fad5a476afb002d
SHA1 hash: d00ccfc888d8e82398774ef9e06d2bef8efaf331
MD5 hash: 688be9cca636a340030c709cbd010617
humanhash: green-cat-twelve-robin
File name:e-dekont.pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:184'320 bytes
First seen:2020-05-28 13:17:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0096b679207529de901d51b75843faeb (1 x GuLoader)
ssdeep 1536:S9oplOCQoxcYrhzuCcXqhbbUWfiS3z6cXG6/8/yfvyNG3FyFYe7C5QyO8Sp:YopQCVrhzunahnqS3z6M8/lNYd8
Threatray 232 similar samples on MalwareBazaar
TLSH 2C0428323656DC66CA6446F4DCE2C4F40521BC1CCA1B8A27B3D07F6E36BA58B9D26371
Reporter abuse_ch
Tags:exe geo GuLoader TUR ZiraatBank


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: max0.noekin.net
Sending IP: 213.59.119.242
From: ZIRAAT BANKASI <ziraat@ileti.ziraatbank.com.tr>
Subject: e-dekont
Attachment: e-dekont.pdf.img (contains "e-dekont.pdf.exe")

GuLoader payload URL:
http://185.205.209.166/wext/net-N_oCAkzZdgp45.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5868/
Detection(s):
SecuriteInfo.com.HEUR.QVM03.0.8634.Malware.Gen.31624.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 13:37:35 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
7 of 31 (22.58%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0afe73609922b94ffb25f673db3b621befab30c7f52cd586497b63f8154dbd6d
GuLoader
2ea5a4fb25528051254f255dc64913ca7d4faa1ecba2f40a55b536f871624fb9
GuLoader
4adf106d80dd2be5d8ea333dcc3a1d06770e4d913b25d05616247f9c66f99484
GuLoader
742fa567f6c1b57e2d73442cd06817027e09ac33b4cbdbafef0cd462e9bf6343
GuLoader
7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb
GuLoader
7cfa97a92b4242af9657fe87263b30a68d06f7d360c565f362794618713e1774
GuLoader
7eb79aa85e80bebf0a52217d26985acb5ff2f594e9f3e0b07e210d7963c2dd4b
GuLoader
83acd77bd1b76095992046c1cd53fd0fb4f0ae9f22f410facf174f4e1ce2f475
GuLoader
846481e2b8fa290c2cb12b0c8803305435c9833c4c791f3d4d989db6f51838c5
GuLoader
e8aea93df30f3e8bd0542030dc4c31c561bdcd1e176a9835372a7d3508750ccf
GuLoader
+ 222 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-x8ewkvqpfx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img c39ec2c395f976a0c380c82c979eb7a17fea1f11a89344a5f14e684c7c26ec28

GuLoader

Executable exe 396c661ffc736d98af8dfbb324b5a67ec3feb379579969b22b6ffc61d60e4ef4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370976/
  
Dropped by
MD5 31d80dfa6a6631131f23e9f65dee17a7
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c39ec2c395f976a0c380c82c979eb7a17fea1f11a89344a5f14e684c7c26ec28
Cape
Cape
https://www.capesandbox.com/analysis/5868/

Comments