MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9570f894ec4059802c7b154a4b4dba22a57229a780b375c74a8a3107d9125bb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9570f894ec4059802c7b154a4b4dba22a57229a780b375c74a8a3107d9125bb4
SHA3-384 hash: bde3c60d9d99cb1012c25c0edd2a6b1beab477b40688b8bfa359ef88fcdd8d67bf1f9e0d7276e51878fdfb18dab12476
SHA1 hash: 4c0eb9c03eff1c59f33bb4837be1e0a5119e3add
MD5 hash: 057e4148d200ab59a4e12b57989931a6
humanhash: yankee-music-table-spring
File name:IV-200547.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-05-12 16:15:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bd4ccd6da23bc65d4071e17c9a7589e6 (1 x GuLoader)
ssdeep 768:4SzNvUBKXnjQXO1bbdYtS22CVOhcft+T7dE2D:tGUXjQXWbbutS2FycfE7BD
Threatray 5'110 similar samples on MalwareBazaar
TLSH C8834B12B4AC9022D65D8EB52B64D7FA113DBC301922A60B7CC57F7E2637E41DA7131B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: fnadk-36.srv.cat
Sending IP: 46.16.62.46
From: Administracion <info@fedizseguros.com>
Reply-To: info@fedizseguros.com
Subject: Factura
Attachment: IV-200547.zip (contains "IV-200547.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.45861.31620.11029.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 16:37:05 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=svyprfhmibmyald3cvfewtn2eksxeknhqczxlr2kriyqpwislo2a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0098bf2ef8230d9bb30b451868272ffb271fe63a8c248bfc9ce569991c19f279
GuLoader
29247c960e16e376148704241453b7a008a62c050e9d11b2bba111452acb7fa3
GuLoader
4f0f104299369b56354ff801426027cb3a4e1fa6a0ddfb4b2beba09b0b6a4db8
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
GuLoader
aa00f82fb3dd04417a278bc9362becdf39fcb3e4e23893327e16a8792334635f
GuLoader
bbbfb4d66a6d1ff1fb9f476cc8607a2a0b1a0bb27bdaba095a3715489d8e4315
GuLoader
bc7549c1281f3ce45abcaad7408522374c97421e9031998b7959bd5e59b27a93
GuLoader
de4c63e318ebc447867be364c7a8d9250674a6449935a2eb12fae89543520485
GuLoader
f9389b3ae99666514bbe467217ebd46597e6d2e919f105697a152afe1da73e18
GuLoader
+ 5'100 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mt7xnpkq3n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 407782bc40bc6bd6f7f55e2e4622d98af110d7c025314b0752dcf7a8aa8d1ef5

GuLoader

Executable exe 9570f894ec4059802c7b154a4b4dba22a57229a780b375c74a8a3107d9125bb4

(this sample)

  
Dropped by
MD5 d37eb2e1e4fcda5fad5e7fbde35ee696
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 407782bc40bc6bd6f7f55e2e4622d98af110d7c025314b0752dcf7a8aa8d1ef5

Comments