MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c3d7cd117d98d92e834d53374635acaf20a51a32888642eb621f5225bd9e29f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c3d7cd117d98d92e834d53374635acaf20a51a32888642eb621f5225bd9e29f
SHA3-384 hash: ac67e89b87732cfb38a1b669f26e590c4a4914aedf7f9806fc6de6b03c430cf312c6972f5174b977ba71d3bc6b0902fc
SHA1 hash: 8c1683f4a73cfa191449067d52765c51790fd7aa
MD5 hash: 1598864808b372c032b1777fd23aa154
humanhash: sodium-rugby-timing-salami
File name:INTER-PIPE PURCHASE ORDER_02062020_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-02 11:15:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1c17a9ab30689ec1858f6eea575eae0c (1 x GuLoader)
ssdeep 768:l4hc7416N8lBR2zDRMgi/xhB6BJLaB0G3w+1T2eq0hNQ35Kdelelj3i:l4FO8lLENi/xhB6HeB0EJdhNQpKoeg
Threatray 1'117 similar samples on MalwareBazaar
TLSH 0B734B17AE088A22E6B042B11C77C7BD2F16BC0C4A861A4B395EAE57FF313719C5D61D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: s1.smallhost.in
Sending IP: 103.46.239.70
From: KAMAL SHIPPING CO., LTD <contact@kamalcontainers.com>
Subject: INTER-PIPE PURCHASE ORDER NUMBER 06022020
Attachment: INTER-PIPE PURCHASE ORDER_02062020_pdf.arj (contains "INTER-PIPE PURCHASE ORDER_02062020_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1emdeFT0ppBWGwMGoh2tGfD7cpkKDTuPU

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6069/
Gathering data
Threat name:
Win32.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 19:42:00 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rq6xzuix3ggzf2bu2uzxiy22zlzauundfcegilvweh2sew6z4kpq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
168cd5b5e4d1dfec48777cdc97b74c7b33dca67d176f9add9bb94fa89905db38
GuLoader
32922de2503537acaf01c6ea91ecbbf5af81282f1847110792464144f34451c2
GuLoader
4c83cd741a7210492c0146135bd247c08aac84ce75b26e520c1e74f806d71452
GuLoader
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
GuLoader
900a6f47b5d63eeb95728c0ec9ae469d31564cfbb1849b34549ac0f8de28fcde
GuLoader
9847005465ae681d1d9533697106492027a1d55b64b0ca1b6f2a79730a5140a4
GuLoader
9e4dcaf1e587af9702c21677d6447f90eff8437573e8400a8668db31d7bc7c3e
GuLoader
a7cfc6a8e508a244063a4190921f1c91e30712838282fb20b8bcdb24b138bb9e
GuLoader
bb137c0c0742c9ed929b15effefaf71351c1a021e9c0f573f864eff7433a5218
GuLoader
d9b7293da93fe26342d47b1f00180746b3ee0ca251965e199996ad38c82fa422
GuLoader
+ 1'107 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-y5gv27gh9n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 8260ca2272dc315e99db6054fd6cc9b1e221a1183198dee3764fcbe15689245a

GuLoader

Executable exe 8c3d7cd117d98d92e834d53374635acaf20a51a32888642eb621f5225bd9e29f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374145/
  
Dropped by
MD5 84985d8c9d13dcd0536cb1348a8b0a4f
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6069/
  
Dropped by
SHA256 8260ca2272dc315e99db6054fd6cc9b1e221a1183198dee3764fcbe15689245a

Comments