MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7dbbac1168364d14fbee670547dea6db654c0abd668ed9a39d669bfd7efa8496. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	7dbbac1168364d14fbee670547dea6db654c0abd668ed9a39d669bfd7efa8496
SHA3-384 hash:	21aa75a5dbf10c9b205709e2d4b3240de191eb3f650ce23f2dddbeeab05426f0dd7d4575206e4536b180faf985182594
SHA1 hash:	c6b388beab559b4084183fa6117873989f241f97
MD5 hash:	f531857602ce06dd83df792bf435500e
humanhash:	london-moon-aspen-asparagus
File name:	Teva CH Container 1Quotation.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	106'496 bytes
First seen:	2020-05-11 18:47:23 UTC
Last seen:	2020-05-11 19:49:53 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	cadd58b91b3590fde25bdb97619a7a6f (1 x GuLoader)
ssdeep	1536:T6JrwctLenJfazCIjoQudoe09Qma8Q1KukFzVNFx8DA:utLeta2IjfaKui9B
Threatray	103 similar samples on MalwareBazaar
TLSH	EDA3955573B8F927C8A98EF20711ABE102F95C75985126136BC77AEF063AC36E270317
Reporter	jarumlus
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Variant.Razy.669211.1998.8098.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-05-11 12:15:00 UTC

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pw52yeligzgrj67om4cupxvg3nsuycv5m2hnti45m2n727x2qsla._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-1caanjst4e/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 7444b54cdcab4b60bd0c6c7874a45515741d31347558f0539ed7b424338b846f

GuLoader

exe 7dbbac1168364d14fbee670547dea6db654c0abd668ed9a39d669bfd7efa8496

(this sample)

Dropped by

MD5 53f00e5e41e609c3e7cffacea0c9e5b9

Dropped by

SHA256 7444b54cdcab4b60bd0c6c7874a45515741d31347558f0539ed7b424338b846f

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample