MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aadd8812bdbbe483d3635c581c7671d3b73a69cad0ea6f90dbd5617bbb298f14. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aadd8812bdbbe483d3635c581c7671d3b73a69cad0ea6f90dbd5617bbb298f14
SHA3-384 hash: 342490e1fd0db7997a3a607f483f3eac77b4d1d632644d8fb8a6f80e7b1fe07d37e5c21c47c5e4ca535ed11bcb3f05c9
SHA1 hash: 5e4d035c40f6d35eed903adf6bf20e271c4e1919
MD5 hash: 5cf75552d077ce4ed73aa8b258e4f6de
humanhash: mirror-london-venus-butter
File name:QUOTATION#89234A_2021_LISTED_Shipment_0022404ITEMS_DUC_PHUCS_IMPORT_EXPORT_CO.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2021-01-14 06:55:35 UTC
Last seen:2021-01-14 08:53:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f08e2fa188bfdb85d74117a6c20b7544 (14 x GuLoader)
ssdeep 768:Cw/kgg2N2+bkPl5QlRxhf9SLuUPoyVZQW1brj383:CwcggsvbkmRxp9S9wyVZQW1vj3Q
Threatray 4'709 similar samples on MalwareBazaar
TLSH 0F83A5ACF766DCB2E74E443299083798C6C292A3E2569539F409AEB4CF737440D5836F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: vm1752843.nvme.had.yt
Sending IP: 185.244.219.92
From: Traân troïng (Sales Dept) <sales.phatdt58@gmail.com>
Subject: REQUEST FOR QUOTATION (RFQ#38787-A)
Attachment: QUOTATIONRFQ89234A_2021_LISTED_Shipment_0022404ITEMS_DUC_PHUCS_IMPORT_EXPORT_CO.arj (contains "QUOTATION#89234A_2021_LISTED_Shipment_0022404ITEMS_DUC_PHUCS_IMPORT_EXPORT_CO.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=A951308400164DD4&resid=A951308400164DD4%21109&authkey=ANqaiU2I-EAdxcs

Intelligence

File Origin
# of uploads :
2
# of downloads :
171
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
QUOTATION#89234A_2021_LISTED_Shipment_0022404ITEMS_DUC_PHUCS_IMPORT_EXPORT_CO.exe
Verdict:
No threats detected
Analysis date:
2021-01-14 07:04:15 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/347bdf1f-d725-4248-b6a1-104f6696bc6d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111939/
Detection(s):
SecuriteInfo.com.Variant.Midie.78372.10767.20790.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/580938
Signature
Found potential dummy code loops (likely to delay analysis)
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aadd8812bdbbe483d3635c581c7671d3b73a69cad0ea6f90dbd5617bbb298f14/
Threat name:
Win32.Trojan.Midie
Create hunting rule
Status:
Malicious
First seen:
2021-01-14 01:46:59 UTC
AV detection:
8 of 28 (28.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vloyqev5xpsihu3dlrmby5tr2o3tu2ok2dvg7eg32vqxxozjr4ka._file
Verdict:
unknown
Similar samples:
15145ed8e5ae3cf2acf9ad25bbcb3f782c4d8ba9674185d06baa66ae6d17f25a
GuLoader
15b394d8f614faf02d551b0034f2882c052587d717fd4e0966919aeaf1e7ae87
GuLoader
277ad2e30607538075324d56c194f6256f2a37245f952038d709f237545bf0f1
GuLoader
2ed2a56967e7cb3e18b8b2cb910b9e6d356a52a9b65a05309c36ec62fa09773c
GuLoader
7030c2032fc9a3b15dc8720636f25403873ca65156611b7ccaa2928d716874b3
GuLoader
88bbc0ebc2a2116be2d6b435e5d5df2a4467eae44c927de38fefee1950d9b0bb
GuLoader
ab4b09899d64fde8ca45f853009a739bfc0d75ad404d1cbcab7fc381169a1612
GuLoader
bb19d9c9c18233bf65768ed3534766ae87ada589f6223d015c47d5e4c2523d64
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
ea816a801d2882a3da04ae2b9ac3e20e0959a95d18dfb17c55bb786b3ba2c743
GuLoader
+ 4'699 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210114-zp3xaq2xma/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
aadd8812bdbbe483d3635c581c7671d3b73a69cad0ea6f90dbd5617bbb298f14
MD5 hash:
5cf75552d077ce4ed73aa8b258e4f6de
SHA1 hash:
5e4d035c40f6d35eed903adf6bf20e271c4e1919
Link:
https://www.unpac.me/results/cb09ae8c-9fb1-4385-8245-44eba0196eb4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/aadd8812bdbbe483d3635c581c7671d3b73a69cad0ea6f90dbd5617bbb298f14

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 6c11aaf9b9b53af181c33bc57132343c09a92c020617d799941625d3ee9252e6

GuLoader

Executable exe aadd8812bdbbe483d3635c581c7671d3b73a69cad0ea6f90dbd5617bbb298f14

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/959921/
  
Dropped by
MD5 4fe360c9b3ec52ef7fa395fb00d948fb
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/111939/
  
Dropped by
SHA256 6c11aaf9b9b53af181c33bc57132343c09a92c020617d799941625d3ee9252e6

Comments