MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f778b8e3a796983fed9752ce588632eaefcd06d0ddc0eb346869829a14fdd00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f778b8e3a796983fed9752ce588632eaefcd06d0ddc0eb346869829a14fdd00
SHA3-384 hash: bc85bd1bce31fc0f0fdcd4ed304da66c108ed248b0d72cdc357e53c4b7d47ada6aa3c46492c57055531ac39631be4f2b
SHA1 hash: c3220c28e4645539f71021c52314546af3a70fa6
MD5 hash: 0a537d6cda15fd1f2e99ba2ac41188ee
humanhash: one-hot-march-fanta
File name:beneficiary details.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-22 09:57:40 UTC
Last seen:2020-05-22 10:52:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b3bfc43fde343d8f3410181af51938ab (2 x GuLoader)
ssdeep 768:l6G4AckBsLVwsjDW4hxMSTjG3/HNApFmsF+awYO2Su6A:VKyGVwmWsxvnGvNqFZFXl
Threatray 189 similar samples on MalwareBazaar
TLSH EC932904B55CECE3D9108EF289124A8C55EFBD701D948B1B34DE3B2C693628659F93AF
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: lpbindia.com
Sending IP: 37.49.230.204
From: "Michelle Adalbert" <gautam.maity@lpbindia.com>
Subject: PAYMENT SWIFT
Attachment: beneficiary details.Z (contains "beneficiary details.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1F-2XEdYtJcqVZCfE7hiWB125f8fzm-5d

Intelligence

File Origin
# of uploads :
2
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33883016.10633.30031.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 22:03:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1baac8b88ecc811192cf8c2a7c170153ad350646265225f0d4a0ac351a1f197a
GuLoader
2a9ff7b8ca6a12f714779ecdcd2d86ccf9ad03da04de4a45aa8c3c97b7209c8f
GuLoader
3a634787ab309093ac690ecbaa012dcc5b3f803dece4448be3bc97132c2a485b
GuLoader
4fc7415e4a84d6645a11260c1da7e68ed8a6a2a941cd706fc7060912ba4721ed
GuLoader
5fbfcfd0538505c1cb82e54b55461e7542a403b676b36a2500734f89b32bf2c8
GuLoader
a9933b87a7005503dc8cdaaa5c47c733e12bee1a65f8adfd9563805ea6aaac58
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b228d75e595d01315f96909833ea8c7cb694dda499c54aaf3e261d2c7275cba5
GuLoader
d3841ea334da706d4b747eb155cac753018b0b4fd22da4286d935b06cfccd580
GuLoader
fdd5093396ad658edb3b5ebd26f9760100773b33c615012df934e78a2009885d
GuLoader
+ 179 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-kvaxvb284x/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

z 2089ca82a514b0739c0b6201fdcfff92dd8f9d9dfd84d3e015b1e4543e60ac1c

GuLoader

Executable exe 7f778b8e3a796983fed9752ce588632eaefcd06d0ddc0eb346869829a14fdd00

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366459/
  
Dropped by
MD5 3960108bb3b44f6a656a387d6373b9a4
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 2089ca82a514b0739c0b6201fdcfff92dd8f9d9dfd84d3e015b1e4543e60ac1c

Comments