MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8926bb6b6590a5a180cc10a7cedfb5df1e5d12013aeb23224bf917013ccb25a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8926bb6b6590a5a180cc10a7cedfb5df1e5d12013aeb23224bf917013ccb25a2
SHA3-384 hash: d3381b3a4f7acbbf6d3215281438069c2cee589ed060c659a006e5a81123dc59bcae7a7db1c6f00fce1ddd6364f84ca1
SHA1 hash: d2d2d0bc7c8889df56d294882d5f9d31862f8bb1
MD5 hash: e3cc225523f68b335d44269e0813721d
humanhash: missouri-magnesium-magnesium-steak
File name:Qutation.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 18:05:27 UTC
Last seen:2020-05-28 19:01:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 25c61347be5147f65802cb7dda8ba41b (1 x GuLoader)
ssdeep 1536:5ROvIN5Ej1A9NXvcw4f4xDj0Pa4C5rX7fplAra8wix92OHGC01Rs2Jfhbyn7S0v2:L9EIvcwNdjRwXIJPxgKsF1oojz0
Threatray 655 similar samples on MalwareBazaar
TLSH 20145A32B74ADCAACA4041F0DCE2D5F80810BC25DD02496B7680BF3E757659BBA66727
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.ucholder.com
Sending IP: 66.23.225.118
From: Corporate Compliance <admin@ucholder.com>
Subject: Inquire
Attachment: Qutation.lzh (contains "Qutation.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=809F316B561D99CA&resid=809F316B561D99CA%21164&authkey=APFBhYl0WwthgIA

Intelligence

File Origin
# of uploads :
2
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5882/
Detection(s):
SecuriteInfo.com.ArtemisE3CC225523F6.17014.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 13:21:57 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
19 of 31 (61.29%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
GuLoader
3a842ce737983d2dfbdf7974d30373cc0880bf054af84284d7a065ed3548f43b
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
5a44cbe60853b3a9446a1ca10802ee4767cdfca6cf05c7c96ba7799aa91eafee
GuLoader
5f9b8ce62abc0d49b1bb253bd51286151a8b3d3f09fdb9e37cd964f80df26669
GuLoader
a45d9c8d3f5ceb809b8ee497e806d29d6e379ae0603aea8b733096afcf86bdcc
GuLoader
aa3420190b3e22959cfb4715307027404fe5cb492faf5546189a20b82b9e4e37
GuLoader
b1d1654f14052fe13960bbde4280f2f1d34e802293dddb47c971ce833bb5bda5
GuLoader
c9dae8af9343e2bb59a9c6cbfa04b09bcbffe2a75893d797ec2a9c50c6253afe
GuLoader
cfec3b96406b5c9cee457e736154fe09bd0ffa60ada717f89f9923ecfb4358cb
GuLoader
+ 645 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-cejfw1c7ka/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar ef1629492b1792ed9029b15f592b2a7918baa5bb9cf2cb47c8c6cb340e8173ab

GuLoader

Executable exe 8926bb6b6590a5a180cc10a7cedfb5df1e5d12013aeb23224bf917013ccb25a2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/371344/
  
Dropped by
MD5 6377ec7d17bb21e6154e0edc35793be3
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ef1629492b1792ed9029b15f592b2a7918baa5bb9cf2cb47c8c6cb340e8173ab
Cape
Cape
https://www.capesandbox.com/analysis/5882/

Comments