MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c35438a1fe6165f0a3fe818dbfc1b65fccb7b534b9a2c085b1527a47237eb69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c35438a1fe6165f0a3fe818dbfc1b65fccb7b534b9a2c085b1527a47237eb69
SHA3-384 hash: cc6f35bd8fead37da2c39a29daca7316609230efd858ecb14432922c4d78f874bdc75315cec4d44e9861e2b26747f1d5
SHA1 hash: 5c8493b73b78abf4ed0fef44d1cb6bbb5d5f4ad9
MD5 hash: 45de0a88f1fdb9ec5b53af51b4f613b7
humanhash: december-nineteen-vegan-artist
File name:quotation #QTN-20-971-JA04Q7..exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-22 06:38:47 UTC
Last seen:2020-05-22 08:03:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e46bceeb8eb7fe97702f9dab616d0740 (1 x GuLoader)
ssdeep 768:9RQtyFEwc5L5VOIEYa/TcPSRFr1qEtXr4/33zjpTlirLImJAFHH5kwQWeT:3vFEzVOIi/mSRRJ4/HfpTlisawg
Threatray 104 similar samples on MalwareBazaar
TLSH D5933A21B794EC92DD448DF1AD278AD8116BFC353A054E4734D33EAD3A33D426A7938A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: lamarchemfg.com
Sending IP: 37.49.230.146
From: sales@lamarchemfg.com
Subject: Urgent Request for quotation DTDC EXPRESS LTD.
Attachment: quotation QTN-20-971-JA04Q7_PDF.ace (contains "quotation #QTN-20-971-JA04Q7..exe")

GuLoader payload URL:
https://hosseinsoltani.ir/chuks%20po_nLatVelbs7.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.44472.14266.17895.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 00:05:08 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
32c2766ee799eeffcfdff37dc5a1237b1c152f36b7108c4bd13c082db2d46423
GuLoader
3712c1a9e9ab864ee28897d0802179db4a2f664f61629f1154437640be377530
GuLoader
6972fcf47a2db0c5ce7cd905bd12cbbc5155e98f57e1362a8b1a3c94177a2419
GuLoader
7200e0900aae53fbd40a961458d2fbdf60a715cf4880b9a6397ea007ccf20f17
GuLoader
7b0eeeb2adc3fe44102752fbe9a4ed08b3e3bf07fe633f9c3f4ab67eafb6e0aa
GuLoader
a4429d0165e0b0c5e3b7840303bed826a9de8122d824622656d9ae9d6e396eea
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c523252072f5911950614d6a91d16036b0128c10458f05a4ab0b7a3221780c1a
GuLoader
d5132d40838a12d557fdcea3492cbe6775330dc7298bb806b076011816fe1f36
GuLoader
d83429370b6d814b6ff67dd1736424db4e11e39ee745867f09c98f49fae4e1fc
GuLoader
+ 94 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-dfjsyqc3fn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 0c778541b86d25b02de8fe0b5eb365d8ae9c262c97b7513ed6c132ba9e805c53

GuLoader

Executable exe 7c35438a1fe6165f0a3fe818dbfc1b65fccb7b534b9a2c085b1527a47237eb69

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366437/
  
Dropped by
MD5 21db498084927a3758f351531d34c6d1
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 0c778541b86d25b02de8fe0b5eb365d8ae9c262c97b7513ed6c132ba9e805c53

Comments