MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96129a732367c8941e02dc5c95e4b2e0e442f7188545412b8e1c98d383cdd1cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 5

SHA256 hash: 96129a732367c8941e02dc5c95e4b2e0e442f7188545412b8e1c98d383cdd1cf
SHA3-384 hash: 9a4c4c1f80459170fb1c2291b566afe3cd648455185ee1ed606fab7e3c0180f43c4e39219e8d9a72d1abeacd524b2991
SHA1 hash: fdffd0726bba6f3f251f558e9acd29bea557a4fb
MD5 hash: b03e874c6885053efb3ebb2eb9fd0219
humanhash: lake-salami-twenty-michigan
File name: consignment invoice·pdf.exe
Signature: GuLoader
File size: 77'824 bytes
First seen: 2020-06-02 11:15:41 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c8e40cfeb26871555a8a91c6fc569218 (6 x GuLoader)
ssdeep: 768:Ulhc7416N8lBR2zUt/xowVKrbqqHmI4pKtkgaBTuRnzu+cbR/sbxMRnz3:kFO8lL/p+b6I4paMBBLbR/o
Threatray: 869 similar samples on MalwareBazaar
TLSH: 0A735A17AE888A52E57046B11C53C7AE2F16BC0C49822E4BB48E6F57FF32771AC5D21D
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: sv1.f5solutions.ro
Sending IP: 185.84.65.209
From: TNT Shipment Notification <shipment@mail.tnt.com>
Subject: TNT Consignment Notification for 243740512
Attachment: consignment invoice·pdf.zip (contains "consignment invoice·pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1D5PjbN9HnUCh7an9YFSMXn5eyJ7Nh0DA

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-02 16:51:58 UTC
AV detection: 18 of 31 (58.06%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    Executable exe 96129a732367c8941e02dc5c95e4b2e0e442f7188545412b8e1c98d383cdd1cf (this sample)

Delivery method: Distributed via e-mail attachment

Comments