MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a283013584e013da4231d524de5b6f6a8267ed302ec77e1ff003669c0928613e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	a283013584e013da4231d524de5b6f6a8267ed302ec77e1ff003669c0928613e
SHA3-384 hash:	ed5333409088739fc308a3fa5d967da9872a748c162d20858565aa4afc23154e578f143734d3274b5c9e1113409370f0
SHA1 hash:	e8532ee8fe7f82b2f9c64906ae55b14f4d11e9cb
MD5 hash:	3631a0f06957cbe338ce0519567e8290
humanhash:	red-alanine-pizza-lemon
File name:	Quotation Request.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	102'400 bytes
First seen:	2020-08-18 11:06:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a3789d47e59a45ec67fc971d9895fb96 (1 x GuLoader)
ssdeep	768:uuZuwZFhTy7qqNo5Q2gRRlL5h1ro+EHfi/HRt1UcMeuI:qwZFVyOqNo5QnRJ5hGHK/L1qD
Threatray	1 similar samples on MalwareBazaar
TLSH	1CA38DB333C85C29FEC942376A6AC09891B6AD75158E8B0FAA49337D14327957CD036F
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: sme01.small-dns.com
Sending IP: 14.102.148.51
From: Marty Carpetz <martycarpetz@synthetic.net>
Reply-To: benoson@vivaldi.net
Subject: Quotation Request
Attachment: Quotation Request.img (contains "Quotation Request.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1yKHODGCPXiTmEHfQ1DyJHKYo8eWyf5U1

Intelligence

File Origin

# of uploads :

# of downloads :

252

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/47704/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Launching a process

Creating a process with a hidden window

Creating a file

DNS request

Sending a custom TCP request

Using the Windows Management Instrumentation requests

Sending an HTTP GET request

Creating a file in the %AppData% subdirectories

Setting a single autorun event

Unauthorized injection to a system process

Detection:

guloader

Link:

https://mwdb.cert.pl/sample/a283013584e013da4231d524de5b6f6a8267ed302ec77e1ff003669c0928613e/

Threat name:

Win32.Trojan.Quasar

Status:

Malicious

First seen:

2020-08-18 11:08:06 UTC

AV detection:

20 of 29 (68.97%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ukbqcnme4aj5uqrr2usn4w3pnkbgp3jqf3dx4h7qantjycjime7a._file

Verdict:

malicious

Label(s):

guloader

GuLoader

Result

Malware family:

quasar

Score:

10/10

Tags:

persistence trojan spyware family:quasar

Link:

https://tria.ge/reports/200818-jhcbntzcsa/

Behaviour

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Quasar RAT

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img c452a5ceffc744fe452dabad9781f88ec5cca9960251fe2b950214b7168f8b86

GuLoader

exe a283013584e013da4231d524de5b6f6a8267ed302ec77e1ff003669c0928613e

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/435481/

Dropped by

MD5 7dc612e804a601b4b48602c44bb61c07

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/47704/

Dropped by

SHA256 c452a5ceffc744fe452dabad9781f88ec5cca9960251fe2b950214b7168f8b86

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample