MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9cbe5097d40713390439b736ac90f7ac008db11188a9b8d0ad40fec39d5cff12. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9cbe5097d40713390439b736ac90f7ac008db11188a9b8d0ad40fec39d5cff12
SHA3-384 hash: 6b08082ad006f1980406a7f939097e6563f48b74e4824115b04b6bb450daea354092be1e4df2b5156315160957313f7c
SHA1 hash: b9f948f8f8ce48412191114c6feae5ec05e14093
MD5 hash: c5b4af93732e9ed19e5c144a403eea95
humanhash: burger-tennessee-indigo-yankee
File name:HSBC Bank_ Payment swift copy- TT MT103.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 15:54:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4eb269bd9f969304a645a7830c962b04 (1 x GuLoader)
ssdeep 768:Rnhw7+QwcYEfOucoILJQD3/c4dlEdH9DO56ablPeYEVqyofcrmIR:sYEWFoiJm3kOlEbOxQYCqy5V
Threatray 5'306 similar samples on MalwareBazaar
TLSH 31933A2671D4D5F2E2194EF12E259BA844AFBC7AAD06C82B76C07F6D1631B13A43131F
Reporter abuse_ch
Tags:exe GuLoader HSBC


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.pintaras.com.my
Sending IP: 101.99.66.114
From: HSBC BANK Reflex Cash Management ( China )<Shanghai_swift@hsbc.com.cn>
Subject: HSBC Bank Payment swift copy- TT MT103+(REMIT)
Attachment: HSBC Bank_ Payment swift copy- TT MT103.rar (contains "HSBC Bank_ Payment swift copy- TT MT103.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Fareit-7784794-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 00:00:42 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ts7fbf6ua4jtsbbzw43kzehxvqai3mirrcu3rufnid7mhhk474ja._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
GuLoader
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
GuLoader
3bd58e3b3fe712e8d7595cfbd576a96251c68a5dac230bd3e778640e8eb817ec
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
6f06cf7295e9301a4358854569f7d53dcf77319a94a76b45e60ebc72b88c2087
GuLoader
a7cfc6a8e508a244063a4190921f1c91e30712838282fb20b8bcdb24b138bb9e
GuLoader
c906a842516c0b1b052768b573c44fc42d24e0abc4d89ca8e4afc2559adaea1d
GuLoader
d720a410d804f04fbc099bc1cecbac2bdf37944a84662442fe98cd0945b59ade
GuLoader
ec5b7c7c61e8282e08ca88732af9355470cf4c3ada79a3c25137fb16aa0c0b54
GuLoader
+ 5'296 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-m765ys1nne/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 664685df924e282db793573f4988a43c265927bb5268f3d2f608c1dc7426f0cd

GuLoader

Executable exe 9cbe5097d40713390439b736ac90f7ac008db11188a9b8d0ad40fec39d5cff12

(this sample)

  
Dropped by
MD5 0560328314e4e57d888d8f0f63ae662d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 664685df924e282db793573f4988a43c265927bb5268f3d2f608c1dc7426f0cd

Comments