MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c993072655d3846fd0fa15c1370d2e784eddc45a0204e281e8b05dfceda6ece. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c993072655d3846fd0fa15c1370d2e784eddc45a0204e281e8b05dfceda6ece
SHA3-384 hash: cc75d21689cd37e94c99a968182cfefdeb70dd1b445f3f9a3ab2d035d264069d2fc3f0b553809e75321c44cd7f1c5668
SHA1 hash: 595f07a407d16db50e9776bb2b81ec76173fd5d1
MD5 hash: a4a78ba52f2a4551e27f056163dbd980
humanhash: triple-happy-black-xray
File name:ALGOMA STEEL PROJECT.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-03 17:25:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aba7a582d2dbc4986db87097a184cbb (1 x GuLoader)
ssdeep 1536:3SPfxV40tOQcEiyM/dI1kgrKHxLdGKc+o0FDHdZ1gIxJVuMVxRTbw6w/:iPXpcS20KVdhjFD9z/9Rw
Threatray 910 similar samples on MalwareBazaar
TLSH 0FB37C07EE4D8553D2988FFE2D139E797B1CAA4A0D001BEF21756D9AAC315432C9F21E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.huttprimax.partners
Sending IP: 162.241.215.47
From: pfinley@algoma.com
Reply-To: altan.tenagatiub@email.com
Subject: Algoma Steel //Urgent Inquiry //
Attachment: ALGOMA STEEL PROJECT.zip (contains "ALGOMA STEEL PROJECT.exe")

GuLoader payload URL:
http://jumapatagonia.com.ar/whitemaster/bin_JjNNLtz194.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6392/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 17:35:58 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=psmta4tflu4en7ipufobg4gs46co3xcfuaqe4ka6rmc57tw2n3ha._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d
GuLoader
2c27feaca7c04d48cd54730df7e4c89dc200d18658fd78c6a3388a94f15dca9b
GuLoader
5aa9861dcb5890caaadd311b1eed80e2ae65bd0d46937cc3bdee4757da908fc6
GuLoader
604cdf637c64c8862b506caa60d1a66b02f97127dc265c6943cadd126fc32f14
GuLoader
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
GuLoader
688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388
GuLoader
8bd042a9cba68f9d2fb8805abf49ffc0dc989e05df78876059f671fcfd759661
GuLoader
8fac7f5a497d4b313250507c1939fab835e49b75f532dea338231747784588da
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7
GuLoader
+ 900 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-bjtfhlsx4x/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip f36275fc0b68cd3d6afc42cc9504d5275d002d6f45a786f1e3e1d459612d8ee4

GuLoader

Executable exe 7c993072655d3846fd0fa15c1370d2e784eddc45a0204e281e8b05dfceda6ece

(this sample)

  
Dropped by
MD5 3255f1fe9036117a805fafd70d0dd0b2
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f36275fc0b68cd3d6afc42cc9504d5275d002d6f45a786f1e3e1d459612d8ee4
Cape
Cape
https://www.capesandbox.com/analysis/6392/

Comments