MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73578e1eff058923a129059d2af27488d57bab07d08c82017fdb0609333f50f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 73578e1eff058923a129059d2af27488d57bab07d08c82017fdb0609333f50f5
SHA3-384 hash: 0a34d513d48ab834ba165b83eef87fd840e811a865d5415c37105f1f26a5a48d18bad38d7f4191c9fb5234fbb256fdf0
SHA1 hash: 660268812d919a41d2302732b0134a80e9fbdc3d
MD5 hash: 3fcc9b88a0ba3dd4aa2c80d6c2396bfd
humanhash: two-don-texas-alanine
File name:amaoke.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-05-13 10:15:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ab3af5e62d5ba14d98be7574ccf4d70d (2 x GuLoader, 1 x FormBook)
ssdeep 768:FhrPdMsvt+Z87Ahs0cmV4jGEFQlpDJ2rwTVAP8OKgb8Bb:Pras/ElVqApIGiP8dgbQ
Threatray 5'284 similar samples on MalwareBazaar
TLSH D253D52EDDD45DBDE21DDB7CCA26A694001A6C310DB2CFC7381439DA26336729B4532B
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: [159.89.164.14]
Sending IP: 159.89.164.14
From: pichet@tandem-chemical.co.th
Reply-To: garzersales1181@gmail.com
Subject: Official Purchase Order P.O. Material Requirements.PDF
Attachment: amaoke.arj (contains "amaoke.com")

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.AAEH.km.6617.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 04:01:00 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=only4hx7aweshijjawosv4turdkxxkyh2cgieal73mdasmz7kd2q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2548272de2d930f99b953bf466d49d5f850f4f9105ff420937edfa9ae70aff7d
GuLoader
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
GuLoader
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
GuLoader
3bd58e3b3fe712e8d7595cfbd576a96251c68a5dac230bd3e778640e8eb817ec
GuLoader
4c648b7b14b2eb3f4d58468a82684d68ee1ef6bed84a57545454de8849da9535
GuLoader
52b517b0e9be1efed3349ff5b7e7e4a392881437d7bc9ccd7b94bbc23e28a2f9
GuLoader
7cf754ed7c5a766f7622660204ef84baefe244fea900ee17fd5c80610fe302e9
GuLoader
9fba6ffeb90dd242748718d8272a4942496e76a4f68bdb4dd42f93b044b5ed50
GuLoader
aebcacef83bf139cf1f922a1c8687449286d661908b9ffbdd7e51866ebde4409
GuLoader
b1ab330d8407adbc0731fd66b869bca53515ccf732d1ad498515e5e04f993de4
GuLoader
+ 5'274 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-msbqlsjyk6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip ef4e01fd508b89f33be6762b3b3aba29ebd816d15173445c282fb6e6c2af1b4c

GuLoader

Executable exe 73578e1eff058923a129059d2af27488d57bab07d08c82017fdb0609333f50f5

(this sample)

  
Dropped by
MD5 e5e710404be7059d30ef067e283f3bc8
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ef4e01fd508b89f33be6762b3b3aba29ebd816d15173445c282fb6e6c2af1b4c

Comments