MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7eb79aa85e80bebf0a52217d26985acb5ff2f594e9f3e0b07e210d7963c2dd4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7eb79aa85e80bebf0a52217d26985acb5ff2f594e9f3e0b07e210d7963c2dd4b
SHA3-384 hash: 4a5c8a3a04076fc21d297b3f9e9ef0208655f0eeb120cd4cb0839814d67090137e50d19a069217695a3749a80d42b483
SHA1 hash: 1b6ae2c9fa7669af0b5c85d9e3eaae181801dd78
MD5 hash: 0e670856ae6b4f06947f6b741d47efaf
humanhash: ceiling-comet-massachusetts-burger
File name:RFQ @ 2065001 - INQUIRY.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 07:30:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 06e8f3c12649a795866911dd3a6f6875 (1 x GuLoader)
ssdeep 768:tGvJdvvBndVo8YlIEW0XBg5U/ic8VvScLcY42CXPQfIo+Af8fylQBpkU13i:YhXdq6+xaUacu/4PQfIo+LfywpkU0
Threatray 240 similar samples on MalwareBazaar
TLSH CAB3D822B6E8DCB2EF354BB108769DE49E26FC248C000F47714E768D957A6C9B9B1217
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: gmail.com
Sending IP: 156.96.62.50
From: Sales Dept <info.kuwait@gmail.com>
Reply-To: mikehosek25@gmail.com
Subject: RFQ @ 2065001 - INQUIRY
Attachment: RFQ @ 2065001 - INQUIRY.zip (contains "RFQ @ 2065001 - INQUIRY.exe")

GuLoader payload URL:
https://hosseinsoltani.ir/wp-includes/fonts/vica_NxWJb194.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5620/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 03:08:40 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0afe73609922b94ffb25f673db3b621befab30c7f52cd586497b63f8154dbd6d
GuLoader
15145ed8e5ae3cf2acf9ad25bbcb3f782c4d8ba9674185d06baa66ae6d17f25a
GuLoader
1da069d39e2e88c624698760567c4019ca2de990b05c429be843355a0531b51a
GuLoader
396c661ffc736d98af8dfbb324b5a67ec3feb379579969b22b6ffc61d60e4ef4
GuLoader
85da31a80a4d9abbb63b08026620b12410c1865fdc8399c283af3bbfbddfd4f6
GuLoader
98be845142b95ecbd3c9138d67e531253d822494a9359b14ddc83fde3add7996
GuLoader
a7187cba00f1ecf7d0ce8758c9376610eb513869152e7b4bd28e711f6b440053
GuLoader
c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
GuLoader
dea51f7f074a8d9b0e30626e11ca4a79de602da24ba64d0222ee1162a5fbb5ba
GuLoader
e8aea93df30f3e8bd0542030dc4c31c561bdcd1e176a9835372a7d3508750ccf
GuLoader
+ 230 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-qg39e37rws/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 70a62347b8f6ad17ce67404ccbcf640ca11a1e03b38e9f43e62778852bd71b1d

GuLoader

Executable exe 7eb79aa85e80bebf0a52217d26985acb5ff2f594e9f3e0b07e210d7963c2dd4b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368652/
  
Dropped by
MD5 0131e5fe12f5ab3d005744aa6f673bdd
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 70a62347b8f6ad17ce67404ccbcf640ca11a1e03b38e9f43e62778852bd71b1d
Cape
Cape
https://www.capesandbox.com/analysis/5620/

Comments