MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 883f3aee2a5fbc449a9f67c9a35dbbf74ddb22e5e9e8a08c9671407bcf5c781f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 883f3aee2a5fbc449a9f67c9a35dbbf74ddb22e5e9e8a08c9671407bcf5c781f
SHA3-384 hash: 55a79e1574af22b2b63331edbc207e29673a4c30058e4b2c245b384c4f98785718b647126277720cee10d997641eb27e
SHA1 hash: 0102131f4b6b644a33a954a43ef19eb113d5ab4a
MD5 hash: 70af4a1c3819790767c583ba67e73105
humanhash: video-bluebird-london-cola
File name:Rfq-00204794.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:29:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 247454b53c7d2f46530ca169ab83270f (2 x GuLoader)
ssdeep 1536:1RSPfxV40yw/2zsYMioh3kgrKHxLdGKc+o0FDHdZ1gIv73LRwtbdAMlQP:aPX9ssB/KVdhjFD9znaVlQ
Threatray 654 similar samples on MalwareBazaar
TLSH D0B38B07EC4D8643D0444BBD3D178F793A1DA90D0D405BEF7679AEABAE322412CAB11E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: AMBITIONS PRODUCTS LLC <elif.celik.cesa@mail.com>
Subject: REQUEST FOR QUOTATION AND INVOICE FOR IMMEDIATE DELIVERY.
Attachment: Rfq-00204794.pdf.z (contains "Rfq-00204794.exe")

GuLoader payload URL:
https://wtstransit.com.sg/wtstransit/nbin/bin_xIJptEf45.bin
http://urquilam.com.ar/ihaus/includes/domit/bins/bin_xIJptEf45.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6323/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Frs
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:21:54 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ra7tv3rkl66ejgu7m7e2gxn365g5wixf5hukbdewofahxt24papq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
04e3c79bdcdc18cb3f7a7aa37ff10534fcd33eebfed20d65b71435fce06986be
GuLoader
335d8ed00053696daafe3bf49972b52e1db2588c913d6de0e14e6fcd158d90c5
GuLoader
3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
GuLoader
77b78883671d865b91db205f68f7e5e69c9ad68687f8696f390a9b4b1449090c
GuLoader
7d110a4f6f206b5fb49742150bdbd7ffc43b29a5b2fa32424ef32aa20c4696f8
GuLoader
87f0608e17f3f39e988ac186a431366e1de35968b89943a03f6681e23ab5b684
GuLoader
97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3
GuLoader
bbe2a604c11442ee74adb7fa17910ca8e5665ab463e4a45b478707faa3a284e4
GuLoader
d571629d266c5354146cdfe698d79c88c33e598aa6c8d9a0587662c6b5421ed2
GuLoader
f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca
GuLoader
+ 644 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-jyrx9p2etn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

z ddceea0be6382d1730352489594d52bb65e6d9a1e3b130bd990c3027a22cee14

GuLoader

Executable exe 883f3aee2a5fbc449a9f67c9a35dbbf74ddb22e5e9e8a08c9671407bcf5c781f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376172/
  
Dropped by
MD5 dfc5efcd678f743dfa5eb746226b8603
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ddceea0be6382d1730352489594d52bb65e6d9a1e3b130bd990c3027a22cee14
Cape
Cape
https://www.capesandbox.com/analysis/6323/

Comments