MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61422e082aca1bb6a4abd3271332453993bbb320a08fa39941bd1cecf16159d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 61422e082aca1bb6a4abd3271332453993bbb320a08fa39941bd1cecf16159d3
SHA3-384 hash: d00f708efaf852cf875eb14c9aa67b07734c2cb994f18d8930e0f2a7bf75f7625e8ed309bc3f6907634e389d0f803b25
SHA1 hash: 1f3a62543e3c5707b35a02a64e075a694ee0a72a
MD5 hash: 9b1d7846e49ca04399977a0136855b9e
humanhash: fix-oranges-pennsylvania-black
File name:T.T ..RFQ.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 06:41:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3a12c7dbc87fb9220d9a7ed9b19e5469 (1 x GuLoader)
ssdeep 768:bS0Iu1aL3mNtlrHBOjopWl2U7ucLo8t0XXEZHZTHi6JIOLHE+pjeFYrBLMdhfezo:bFIuRtSz37LoSNJZriaPjwIMdhfezRL
Threatray 805 similar samples on MalwareBazaar
TLSH FA738E13A914D257F0400AB02CD35EA85F167C3819836F8B619D7F4FE9BA7936CAA13D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: total.tn
Sending IP: 192.227.246.82
From: Wassim BEN LAJNEF <Wassim.BENLAJNEF@total.tn>
Subject: Total Tunisia RFQ
Attachment: T.T ..RFQ.r00 (contains "T.T ..RFQ.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1gmVkukS9LBLQ13erHhK6HcBOy0YGtNiJ

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7255/
Gathering data
Threat name:
Win32.Infostealer.PonyStealer
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 06:43:08 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mfbc4cbkzin3njfl2mtrgmsfhgj3xmzauch2hgkbxuooz4lblhjq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
34c9285a6b094968258fffe94cb3339c1715cbc6b8db1d309f7075eb0afda2d0
GuLoader
3e1b8febf5f7c0c794dad1a6ae195de982e8c0940997568a370c6fb21511d98a
GuLoader
5f0c0c43a813132bc787e581c5456b0bbd3f4bb1947691b9636eec6236861f5c
GuLoader
5faba24468dbc655649ac2467b30d89f0e9d7f2bd9f827656a157494d132b607
GuLoader
620e100a8454a1fe2978e299f7b591c07589bf257bd2b1913c3b7ad601699e4b
GuLoader
8d73f17a44953ad8b611e21a6b661c0f39255a88f1a567640110ed8a364ee2ee
GuLoader
aa82601b73b942480ec35f665f346890e2d2b51646b89b77a36efed5962527d7
GuLoader
ad3cc0c05d4a7f42dba42a7bc414b78d50e3279d4ac40cdeda7d893c50020231
GuLoader
dfa8fa537be02efde6add76862693fb2f099e3339798cc1d05a2feff5409ab86
GuLoader
efecbafe7ddfe1306dac292dbd23be0caf62c5423a4c7a91086b0ca194a5e3ed
GuLoader
+ 795 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-42rjlcavh6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

r00 84fc68bfd4ec4c3bf94f97a4454aa91c38851fcc9f83c0a31fba8f4307fadf4c

GuLoader

Executable exe 61422e082aca1bb6a4abd3271332453993bbb320a08fa39941bd1cecf16159d3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/384283/
  
Dropped by
MD5 6f0e2c089fed6c78830b72e30deb1c5d
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7255/
  
Dropped by
SHA256 84fc68bfd4ec4c3bf94f97a4454aa91c38851fcc9f83c0a31fba8f4307fadf4c

Comments