MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97179c8550506ab7a2bb2f75120e118590df2b842124ab14ef3a3215eb4da7bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 97179c8550506ab7a2bb2f75120e118590df2b842124ab14ef3a3215eb4da7bb
SHA3-384 hash: 5a15daa6a0ddb332a66b2986eff0eb937c711bdde2d8036cd29d0790bc914d0dd237d7f26addca010f8a9c38a2d3baa1
SHA1 hash: f192870700b701ca0a74d68f4029002af467028b
MD5 hash: 11db476b10d07987bb929768116cbbcf
humanhash: fillet-snake-harry-fix
File name:Detalhes da remessa 28-05-2020.pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 13:15:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 04648504a8f04c815b3f620588d22d88 (1 x GuLoader)
ssdeep 1536:iTaMalB0hTxZEHgB/rndXi4k9Q/50iE5rRms3Th0Nkgn4kawemc1+p0:iersTxZEHgBDdI1mN+Bwemc8p0
Threatray 131 similar samples on MalwareBazaar
TLSH 9F144A22B317ECA5E94104B0ECD2D5F41911BD24CD0B8B2BB6C1BF2E76BA5876964733
Reporter abuse_ch
Tags:exe GuLoader TNT


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: vps.cnidcloud.com
Sending IP: 198.38.86.192
From: TNT Shipment Notification <shipment@mail.tnt.com>
Subject: TNT Consignment Notification for 243740512
Attachment: Detalhes da remessa 28-05-2020.pdf (contains "Detalhes da remessa 28-05-2020.pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1lpaWEQp26aL7dUlhl5YcwNu_PNwSJtfo

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5859/
Detection(s):
Win.Dropper.Noon-7585277-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 13:38:14 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0b1dbd3162f501371ca4d99f39e0ad1631ab1d9698bf19bdd45163319fc0310b
GuLoader
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
190d8b4baeee83f2a23ce8ed96cc57ce538bbbbed88e69bdfe131ba7438bf3cc
GuLoader
1e27314c6b097bdd158c3438bc48704f681a20d723fc2185bf431e67f8b56e9f
GuLoader
2df7880f7255e5944ae288c0bf24817085bb1a8291257d061f09919746095286
GuLoader
2f0607e123ec42fad4de746e00964b252574247289a31ec96e9c63e93ac683e7
GuLoader
6a6153c0ed8295d63f23fae313939e61eb3f94cd61f7a34a22a6557318f032f1
GuLoader
70d86fc8d1247dcd26ed0927411614973d45216d676978f768e14cb16d362536
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
dbdfc4a9100fa08d0bb6ca2879febbc5e0db4eca85168dfefb526b584976efaf
GuLoader
+ 121 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-1ppq7eel2j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip f6b6e6952da86504cff67b9b8fd6eb94a52e239e83707086ad9df8992ca6677c

GuLoader

Executable exe 97179c8550506ab7a2bb2f75120e118590df2b842124ab14ef3a3215eb4da7bb

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370987/
  
Dropped by
MD5 132eaac12c8488557c86787d2b0dab65
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f6b6e6952da86504cff67b9b8fd6eb94a52e239e83707086ad9df8992ca6677c
Cape
Cape
https://www.capesandbox.com/analysis/5859/

Comments