MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7522e963fbeadde98b1486f0d8d2d1a15011812b06d06f1a5bc21caee6876e71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7522e963fbeadde98b1486f0d8d2d1a15011812b06d06f1a5bc21caee6876e71
SHA3-384 hash: 32c4a344b3fc4e0699fc4f2aff95d54b82510e4a77670be90ec2e6be4a22bd3336847fd6cde10b81256722d8e446f7d8
SHA1 hash: c45290c6eb97bb667bb84185a0bba0edaec8f4b6
MD5 hash: 9cb9a328138f3ae9bc298b46d8f8ec1f
humanhash: wisconsin-moon-fix-golf
File name:picture of goods.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-01 10:50:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8317a29420974b9b6f9aa2ba7fe130c8 (1 x GuLoader)
ssdeep 768:pUXuujztuMnylXp5ppLu7u6BCve+n8zDWCaFlGTEvfgaLEDv1dpjfj:pU++tuMCQ7uidz6+TZvPVr
Threatray 888 similar samples on MalwareBazaar
TLSH C9732B2EFE488174F9654AB12559D062BB297C325406AF1F7240AE5AF831987FCF133B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: "Sales Engineer" <user@t-online.de>
Subject: Re:picture of goods we will like to order from you.
Attachment: picture of goods.rar (contains "picture of goods.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1kN4VPo1_RNFEQ4TY3qu5ofOp5npfsV0o

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5523/
Detection(s):
Win.Dropper.NetWire-7993073-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-05-31 21:25:49 UTC
AV detection:
15 of 31 (48.39%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ourosy735lo6tcyuq3ynruwrufibdajla3ig6gs3yiok5zuhnzyq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
32988d9efdef04149dafb7aad85acfc026b906452b1c6a11b5e8402157d20691
GuLoader
4af9eb9a627fd64924f12a6a972423e8c5a553108be81d0ee259ff4de7d638b2
GuLoader
57bb966172a1d6bc994a682ef5da9b8b8fdabef539f44024c7e9368e6416d457
GuLoader
5c28300cdf3427d16bba325ac19073a5ea652183b8ee79cdc979dbcd9727bb27
GuLoader
748970d868ca12ef96a98cad33b9f3c7bf7ab20ce2e595d4fdaab152e50b29c8
GuLoader
95b7bbca4d924be150fb6858b8546d3386d44a8a589a7a60ab1a0961718ee84d
GuLoader
a0da1c24eb6a23bd435cf8787a335324b0dd654bfe01ab76a41c5c3cbab48fe2
GuLoader
ca29da046b516565cd41c9bb5d9ba29f8a8f9f7fc5d64a42a46b276c55874074
GuLoader
d99947df7b80d4cf1f998cd4c205df67be0afc6ab0d9b4d92988b1aeccc1bf0c
GuLoader
f1f8f362f768269887febcea5bb11b4ece351b3c0b8be3682c6095fc9f3fcae4
GuLoader
+ 878 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hr7kwgytes/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 70a8e4ef9d23acf3bdf6279ffb37d6eb91e833c32709ef1b690b0d695148ee28

GuLoader

Executable exe 7522e963fbeadde98b1486f0d8d2d1a15011812b06d06f1a5bc21caee6876e71

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/373134/
  
Dropped by
MD5 47e88e9247a6207160f7436b59f28b35
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 70a8e4ef9d23acf3bdf6279ffb37d6eb91e833c32709ef1b690b0d695148ee28
Cape
Cape
https://www.capesandbox.com/analysis/5523/

Comments