MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7029a84f194657063ae7b30c973fef675bcfd1065100480441ae69a597de2e10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7029a84f194657063ae7b30c973fef675bcfd1065100480441ae69a597de2e10
SHA3-384 hash: 9baaa73df5126e7c4a80d79b3cc359e69ab67666c0994490245060b3fb6e4d67dfcba2f65f4c1c33578d120b03878dd7
SHA1 hash: 354b35c92870becffe8a61b2249a679ca77a3e77
MD5 hash: 2a17dc50049be046347a3942aafd323c
humanhash: pizza-fanta-hot-glucose
File name:ndringsloven.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 12:57:11 UTC
Last seen:2020-05-27 14:13:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 43410637a8d0d2cd10d03b7d9a1954dc (1 x GuLoader)
ssdeep 1536:XbBBMM/0V9lVBVUm7xm0W//U45rbipjg:rClVDJ6XPJH
Threatray 226 similar samples on MalwareBazaar
TLSH B1B3F813B5E45CB2E974CFB10D798AA85D32BD3939154F03754CFF8E253268A29B132A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.example.com
Sending IP: 103.114.106.250
From: Jason Bourne <admin@mogioan.cf>
Subject: FWD: Quotation inquiry
Attachment: order as attached_images.rar (contains "ndringsloven.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1ndavvawsa0VkUyvqKGfycpNGZ2_N31Qg

Intelligence

File Origin
# of uploads :
2
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5700/
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AE.12918.8057.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 13:36:07 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
32 of 48 (66.67%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0d852bfcbc49afecc18e426f7d694597966256d55c225a4ae798a7e98200b5ca
GuLoader
0eb381723057cbec531c209a0b5dca273d5c05ca5832b4d7baa2447d32e861cf
GuLoader
244bd22b299305418f66c5a6239c70bdc5eced7c0464210feaac591301241cd5
GuLoader
3c774090ba37e891c0268796302378c8340f29c3d5dd1be52395abfd2c126bea
GuLoader
76ff41be8f7f15dbb035fb27ad00cbd313d0d75745945b81642f10986fc83ffb
GuLoader
8179cb45ba2d6df0d25f9e1f382c5b9e8b9b703e4404fa19a9002c78418dedea
GuLoader
9ce2908edf0994f493926514628054634858340fb73f219c38c013f34dd9a429
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c194e82e8a3ada40421b28e668c9135f09f9336732dc31053fc0cebf7be97564
GuLoader
cb3361d5bf568aba34328c4ec4fc2b9dc0453cc935aa611236d4b5a08ad7d2a7
GuLoader
+ 216 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-7qzq57rrrx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar c5e87a48e06b9aaad95e91547aa31096770202f13c06228c0d023958e074f0a5

GuLoader

Executable exe 7029a84f194657063ae7b30c973fef675bcfd1065100480441ae69a597de2e10

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369899/
  
Dropped by
MD5 deae45f1c7e94b4a40360663c41b1af8
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c5e87a48e06b9aaad95e91547aa31096770202f13c06228c0d023958e074f0a5
Cape
Cape
https://www.capesandbox.com/analysis/5700/

Comments