MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f05a4c741ce687b728cad820f1bf2667037ae77a51760a559765195115d0ab9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6f05a4c741ce687b728cad820f1bf2667037ae77a51760a559765195115d0ab9
SHA3-384 hash: 7e40114482634f0e43de3b0a04a80b3ccf14b6756f519982636a41b982ad4f27d0f0420e713795fcc12a617c711448e7
SHA1 hash: 540aae2d104b9d815a99c3425b1885e1b076ba39
MD5 hash: b5654558265caf1e64b86ea27a3d3750
humanhash: muppet-fruit-utah-berlin
File name:IMG SCAN INV DOC#13T331.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-13 10:31:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ac66d859659e7ad2d2c63d8f893a5ab7 (1 x GuLoader)
ssdeep 768:Eb5B+bykQQEnbGWMSj/znb+J+L+Dg/ZSBDEm6BabvV2h0kjAhS45eTlSdY9rV5Xq:YH0EnbG7SHqJ+L+Dg/MBgOgjZrre
Threatray 542 similar samples on MalwareBazaar
TLSH 0E931B42B1909563D3548A71EF38C799D29FEF30362289473AC03A5D5E37E45BA3233A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.vstmotors.com
Sending IP: 59.160.116.104
From: r.anbarasu@vstgrandeur.com
Subject: Product order list enquiry
Attachment: Product List.IMG (contains "IMG SCAN INV DOC#13T331.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-7788440-0
Create hunting rule

Win.Trojan.Generic-7789322-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 10:36:44 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=n4c2jr2bzzuhw4umvwba6g7smzydpltxuulwbjkzozizkek5bk4q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
02def9affacc0bafe6bff95b3a3a222c7dacdad2055600e393bf9c4be26a4d4c
GuLoader
5b37579017466736b44946c2a321c24551b3dce6aec22b306ad8ccf6366fe881
GuLoader
5ec674e9110c534ac08697894fe1f43668c408e3693970f89ae86e6e49c66843
GuLoader
79624093602d22b967e0f25a549ccce2a0f032cbe89d784673f899544edc954e
GuLoader
7b23ae187c859c1b6c0c40ae38152f7f57093e0217e15f875f5f08cbbaf432c4
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
ba6330b4e5e80f8184223a6ba094ae775fcee8f2d6409547b5aa1938d15405b8
GuLoader
c7552fe5ed044011aa09aebd5769b2b9f3df0faa8adaab42ef3bfff35f5190aa
GuLoader
d80f533d3202def1e03d6b4a21cc01eefb5cec003e4740174dbcfbc9112e17f4
GuLoader
ff3b81851b99eee686847214f6c932aecba77d021fdaa8c8a9ef28b2fdf34744
GuLoader
+ 532 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4h9cqmnbee/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 44a3b70c39cf0b38edd6bced90fe8bd6c2eec0800d79a1054994217ab500a062

GuLoader

Executable exe 6f05a4c741ce687b728cad820f1bf2667037ae77a51760a559765195115d0ab9

(this sample)

  
Dropped by
MD5 d91783c1c8f5e4eb80ee2a4f53a9d4a6
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 44a3b70c39cf0b38edd6bced90fe8bd6c2eec0800d79a1054994217ab500a062

Comments