MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4196c45770a6cff338d48b681d7f7c0fa3330faefdf165033ee5c89fd295860f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4196c45770a6cff338d48b681d7f7c0fa3330faefdf165033ee5c89fd295860f
SHA3-384 hash: ba3f04bd73a52768e7a902c299674c924be363e7744da671ed9a3aef6661b037d58c58bcbdee0ff48a2e134016b43cf2
SHA1 hash: 65f0465c01466b9adcf78421786a7959043de3a0
MD5 hash: cdce24d9cc044fa8d7405dc237bdfe68
humanhash: pennsylvania-california-hawaii-fanta
File name:RFQ For Fertilizer and farming equipment supplyEQ2020521SG-630010766.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-21 10:30:07 UTC
Last seen:2020-05-21 12:24:33 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 48b8ec1f89881dfbe2ca55cc8eca62a8 (1 x GuLoader)
ssdeep 768:8JIH3LcWaSvH4Nf++Qdjrwm/OSVvcq1eWV9yavMWjTQ+POO0C25PG/E:WIH72SvHSf8f/OASWVdTQUYR
Threatray 1'425 similar samples on MalwareBazaar
TLSH 70A32B2274A05C17DE408AF11DBDABAC616FAD3028198F0774CF7B1D5632B92FA1634B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.siniormaintl.ml
Sending IP: 46.21.147.237
From: Total Credit Management Services Ltd. <inquiry@totalcredit.hk>
Subject: RFQ For Fertilizer and farming equipment supply//EQ/2020/521/SG-630010766
Attachment: RFQ For Fertilizer and farming equipment supplyEQ2020521SG-630010766.rar (contains "RFQ For Fertilizer and farming equipment supplyEQ2020521SG-630010766.exe")

GuLoader payload URL:
https://qif.ac.ke/anyii_DbAFfSTiIS190.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaF.34122.gm0@aGv3Ujji.16880.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 10:36:52 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=iglmiv3qu3h7gogurnub2734b6rtgd5o7xywkaz64xej7uuvqyhq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
14ab9ac5f254705d24bf42ac212827c4aebe6f64ba3a9331c8c153bd18195152
GuLoader
2867fc0da53d97c9ad3291cffd683c48417f47431b36e2101c11a29ee3ae1e87
GuLoader
484ff6267219f9eb4794c1f20aaa9562a459e0d1a787743592b1532eda3be541
GuLoader
97d0665cd19b89fabb2a9220c19b88776693c6bcc7d2159c10e18cf3707bb019
GuLoader
a4fb872505b79e9ecf7b8f1a2c4081e2e31edee3b4c5f30748fdfb0973ae21c6
GuLoader
a9089afb7795019bd9b1a2395b387a6c9957d499f10ff2929bf8d65c9913f453
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
bbeaa86003be4d14ff5643c47d20ca8a44e4d7e655bda8a93439fbe7dd4e9066
GuLoader
c72abb73f39b466cd8b230c1fd9d6c1bf46573db11038eaa407d47976eb317eb
GuLoader
de4a1ed43a149b646a258a5b119270c2c38da15f4b90ed9821d9e1e3527e8ed8
GuLoader
+ 1'415 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-2tn1l493n6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 6fedd1bd55d8317b9a36456cb540410b92bb09df6a7a383d3113a0ad76a74570

GuLoader

Executable exe 4196c45770a6cff338d48b681d7f7c0fa3330faefdf165033ee5c89fd295860f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365506/
  
Dropped by
MD5 f430fb086e1115a1824d19f573bb7292
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 6fedd1bd55d8317b9a36456cb540410b92bb09df6a7a383d3113a0ad76a74570

Comments