MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47bd044b43d50313e7cb86aa0ab8e63cbbb1673ea0813657fa4fcac76947caaf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 47bd044b43d50313e7cb86aa0ab8e63cbbb1673ea0813657fa4fcac76947caaf
SHA3-384 hash: 2e047cd8ed61dde5b1e895137344ad2a25ed1b1ce405ed773c12cf2daf9b7bc2a71cbadd30377d61ae67f9371ca9a44f
SHA1 hash: 83a540f1c8f82196c9527a2dcd4da925076c937e
MD5 hash: 65ff743be053a02f46c93a11ddc6b429
humanhash: diet-item-beer-whiskey
File name:PO#A807.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 15:59:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e088279300086dda8c4a8f0fa07ee25b (1 x GuLoader)
ssdeep 768:aiUW+bDYhBzWjINtFnfbjNdob/yOHme2E/+qhEIUicXmFfHe9:cYvzWOrc/yg2bwEZivU
Threatray 389 similar samples on MalwareBazaar
TLSH D2935CA1F6D1D523E2568EB36B29D3A40596FC702D528D4BF9C03B1D377AA42E42331B
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.onethaifoods.com
Sending IP: 45.95.168.240
From: 巴林·阿什利先生 <enquiry@onethaifoods.com>
Reply-To: ken@blendlegroup.com
Subject: 回复:回复: Find PO Document List Attached
Attachment: POA807.zip (contains "PO#A807.com")

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Fareit-7784794-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 22:56:17 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=i66qis2d2ubrhz6lq2vavohghs53czz6ucatmv72j7fmo2khzkxq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
153df3fe76a7a30ea0cad977d5d8bbd667c91eeff663235f5e64b6ed27be9eab
GuLoader
35de9956cb66110ef820db84e9eb9af8ea161f63a7ccfceb482c21299db67e9d
GuLoader
7cc0c6e489cb1b2d1dae70339b9409f9a54fa7d8920430490663b6f28ea4a7b4
GuLoader
8b361138d1a485395c9659ea7b607b22b9947abb8fdf8383383103412d9cd4d3
GuLoader
8bab13995983e8072027da514a3f8aaea38a4c26400fb63e1f4b855ff9a82971
GuLoader
9802e8e7e84d1f454d72be9f937a7ad59230de4819f94535c7219bc347c587e2
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
cf5ec678a2f836f859eb983eb633d529c25771b3b7505e74aa695b7ca00f9fa8
GuLoader
d8fffa9f88a85c5e0e5344ee431e15c53f9d610019f0746d7a374f59f753593c
GuLoader
e43b2e9112cfdb0636686ec8994eaf717d159d10daefda23f11588a424468e90
GuLoader
+ 379 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-pab95q4e8e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

7440f4533c4eca95aad031881289aa8a

GuLoader

Executable exe 47bd044b43d50313e7cb86aa0ab8e63cbbb1673ea0813657fa4fcac76947caaf

(this sample)

  
Dropped by
MD5 7440f4533c4eca95aad031881289aa8a
  
Delivery method
Distributed via e-mail attachment

Comments