MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cb03872ebbfad73a583eeef48a405eea3b26fc09aea1ee521d3959975b28b0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: 7cb03872ebbfad73a583eeef48a405eea3b26fc09aea1ee521d3959975b28b0a
SHA3-384 hash: f871820455ed13b01445b202830710133add87ea06a618a04409b5299c0c74f8410a49edbe5242fc8245ae41c1831e75
SHA1 hash: 7f28a81010ecc5eb4dc8c20fed6aa451f7298d37
MD5 hash: 00b47836065ef6855e5441d57d6aeb73
humanhash: aspen-cardinal-double-red
File name: PO_20200512.exe
Signature: GuLoader
File size: 155'648 bytes
First seen: 2020-05-12 15:46:58 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d741afce5c3866f78cc56ddffc4bc4f1 (1 x GuLoader)
ssdeep: 1536:09YT9gxw199fxO/dozadR6NhBQ+WOBRW5YGtRfB:09YZyeJgoAZb
Threatray: 148 similar samples on MalwareBazaar
TLSH: F6E3658CFBE28417EE168A3AC6577D040A3B6DB0195E51CF22F274018F73BA45E51ABD
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: gium.com
Sending IP: 173.82.245.218
From: smith@bonnienkim.us
Subject: Re: Re: urgent request for quotation for Bid
Attachment: PO_20200512.img (contains "PO_20200512.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-13 01:44:24 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
- Suspicious use of SetWindowsHookEx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

This sample: GuLoader, Executable exe, SHA256 7cb03872ebbfad73a583eeef48a405eea3b26fc09aea1ee521d3959975b28b0a
Dropped by: MD5 b357f39a52584a74a32ff2d858cc3bc5
Delivery method: Distributed via e-mail attachment

Comments