MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ec48308cb3200731f34d1424d1724b17c1fb8b93af66b1597f7556ad335f5dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ec48308cb3200731f34d1424d1724b17c1fb8b93af66b1597f7556ad335f5dd
SHA3-384 hash: 2e5b35a665d4bb05dc583f291feff912474428f2585d3c0addcb652d8202bf71a9a10106a45df0e9595f39652b9661af
SHA1 hash: 3b539766cdb478c30b9d2c10a5f751431140b8bb
MD5 hash: 582cf1525cc52783a79d7b8e894d9def
humanhash: xray-lemon-spaghetti-monkey
File name:Doc14052020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-05-14 08:33:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bb4498ece3c4cf08d03b7b6e4fcdb2b6 (1 x GuLoader)
ssdeep 768:1VBQaDpfBpDd2DLTwb/P08CyITVjz3HUe89SgQkWf:9bJpDkDLw/Pn0Ttz3U1B2
Threatray 680 similar samples on MalwareBazaar
TLSH 56833983F5E5D5F2D6544BB45E3297E8822BFC310D028D0B7DC43E1E1A3AB9AA51235B
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.LokiBot-7792565-0
Create hunting rule

Win.Trojan.LokiBot-7792584-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 06:18:52 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=h3cigcglgiahghzu2fbe2fzewf6b7ofzhl3gwfmx65kwvuzv6xoq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08361399bcfd6c87b301f7dd61be86d5eedf3013608d3cd98c818435bd43a724
GuLoader
118185aed4dd97bbf3fe28bebb075a67ca7dbf75dee24efa999e170ee13d0396
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
20b3c1c5495ed7389cb63dfe6f990c7acd72edd8a6e385cbe698702647d44649
GuLoader
20be971374f0ffd1224aafed410fdb30e3340788a7dd80747dd18f3ef0f8168d
GuLoader
77cd698dd8da0266aca9be3942b70558c060cbd5dca39450fbbab461f4b06b92
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
bdd1e58d7a15e88b1f6400fa7aff3d021a3b944dde54e0b156b5d90c71e1f553
GuLoader
c744751ad79f737ac78fe9c69afac4c7b8940951b2fe67d20175d27e77721371
GuLoader
de034510400de08c5508ad8d236bc533990778cd9867c0a6190a5459cbca6422
GuLoader
+ 670 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-bqddj1nplj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace 3b273143959d14746b0e9201d96265e348a2cf81216f5186adfbed66192da25b

GuLoader

Executable exe 3ec48308cb3200731f34d1424d1724b17c1fb8b93af66b1597f7556ad335f5dd

(this sample)

  
Dropped by
MD5 07ca87f1c975675d9659efc1bdc5ae90
  
Dropped by
SHA256 3b273143959d14746b0e9201d96265e348a2cf81216f5186adfbed66192da25b
  
Delivery method
Distributed via e-mail attachment

Comments