MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e98c02b3b0d153b545560bc9a97b3b62ea45d03bff96410c2a3be4e50129b87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7e98c02b3b0d153b545560bc9a97b3b62ea45d03bff96410c2a3be4e50129b87
SHA3-384 hash: e208704e15558549be25843a30297a659693141c5323a40f6ede69a28368e9740234e178ecf22bda665965a69d048fed
SHA1 hash: e41da6d36d1fd710a75c220410adeca750e65c17
MD5 hash: cc04b0235b75480fd9067fb898669688
humanhash: beryllium-stream-undress-south
File name:file.pdf.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:32:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0d910ba02275117d13e252df7c0d47a3 (1 x GuLoader)
ssdeep 1536:ESPfxV40HaqpE66ckgrKHxLdGKc+o0FDHdZ1gIbS6ZWVI2leAaBMr8ekaQB:FPX6QKVdhjFD9zfdoSegB
Threatray 697 similar samples on MalwareBazaar
TLSH E2B37C03EC4C8A53D1544BBD3D579DB93B1CA80E09406FEF75796DABAE312422CAB11E
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: shbc10.ultina.jp
Sending IP: 218.40.207.10
From: Saleh Nafe Al Sayah <saleh.alsayah@nomac.com>
Reply-To: saleh.alsayah@nomac.com
Subject: Purchasing RFQ_6000116413 PR_(0010036518,001003651
Attachment: Purchasing RFQ_6000116413 PR_0010036518,001003651.gz (contains "file.pdf.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=70C4976FC04DDB54&resid=70C4976FC04DDB54%21115&authkey=AMC_k1nnlYwDC4I

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6337/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:37:42 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p2mmakz3buktwvcvmc6jvf5twyxkixidx74wiegcuo7e4uastodq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
2a058410467d9a9aca36e588d9e3a0436b90b949c352f05ace83aa244e2567a2
GuLoader
335d8ed00053696daafe3bf49972b52e1db2588c913d6de0e14e6fcd158d90c5
GuLoader
743b0bd67e604e9e69acffcc8c7d56d8294de21c11c1a16cbeea94f82b6e5fa4
GuLoader
7d110a4f6f206b5fb49742150bdbd7ffc43b29a5b2fa32424ef32aa20c4696f8
GuLoader
83fc18a8a68814bb00e6d7bddbdce27ac5ffdc4dca8f57408e0db2124e4c441c
GuLoader
aef1b48a6c4077dd71346018f0fbbf86239a35f34babf980e4469da9ddbf42ac
GuLoader
f0904d56b0d621156adf1d4449d1b445e6d45eec9c0a4b09e22f9bb95a185955
GuLoader
f9389b3ae99666514bbe467217ebd46597e6d2e919f105697a152afe1da73e18
GuLoader
fea3940f656c82bb8ed4668c67b6be0ecd1b72fc6d6ea52199c365ec03212a31
GuLoader
+ 687 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hbx6l83n86/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 026d3b61c94673a39d6b8a936f0fde107c0b9241da3940e8aeea070cad93f19d

GuLoader

Executable exe 7e98c02b3b0d153b545560bc9a97b3b62ea45d03bff96410c2a3be4e50129b87

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376025/
  
Dropped by
MD5 30d4ecf954465360216a29c84fa9d895
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 026d3b61c94673a39d6b8a936f0fde107c0b9241da3940e8aeea070cad93f19d
Cape
Cape
https://www.capesandbox.com/analysis/6337/

Comments