MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7415cf9fb2fe27d40a8de1d356880512066a99bc7355f380b38c83e8c4103ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b7415cf9fb2fe27d40a8de1d356880512066a99bc7355f380b38c83e8c4103ae
SHA3-384 hash: 1dca1d4165ddf333151aed902c6b96641f5451699b2e1137d16bf5746684d0b0775919ef44a615500863e2bf9923e9bd
SHA1 hash: 1ba22941d517585e90d9c04176a681e21a8d4137
MD5 hash: ee11812f981f7c67f5f1de3130358a1d
humanhash: blue-oregon-triple-orange
File name:SWIFT_IN69846753789648759ONQ_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-05-12 15:24:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 272dc8de0e737f36e922be8c15b66227 (1 x GuLoader)
ssdeep 768:Bo2od0O+YeBuvPM6nJOo3vyxRnOEXUKsNEhKAmqfUjeEUSHHzCV/:CbLP3NvEnOOhpmq8jeEDW
Threatray 128 similar samples on MalwareBazaar
TLSH F7833B27B4A0E173CA8D4FB56F62A7AD051F6C3099428D0BB4C6371D3B36B51BA2531B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: nctr148.trdns.com
Sending IP: 77.245.144.119
From: Standard Chartered Bank <AdviceIN@sc.com>
Subject: SUBJECT: Advice from Standard Chartered Bank
Attachment: SWIFT_IN69846753789648759ONQ_pdf.img (contains "SWIFT_IN69846753789648759ONQ_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 15:36:06 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=w5avz6p3f7rh2qfi3yotk2eakeqgnkm3y42v6oalhded5dcbaoxa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2090ef501bf30eff58e65ff4491b5a913e5e105ff952b6d26b3e5ccf9e251cc9
GuLoader
2eb11af6d3282bc293586d723b4f411157975c6a7464bc7fecb0f11a2c8951bd
GuLoader
7e5b0829c6ff31260033e79d4172ef09efa4c6667a99c97b8ec82d614a68a241
GuLoader
98c39c41a62349078a4b09ae665ed9945dd207b7c02b38fa58a639089721bc5e
GuLoader
99a25991c82e15ee5b4db6c8aaa9b11193b2c293e1e4951e4e4cdd8a4c853670
GuLoader
b0240d2ab275a142c3ba13632ebb00fd6cba189613ca85e4d800eb640ef0cd9f
GuLoader
ca73b141e59412b434f105fef26227cea43190fbf99e7be806f00b9b9f7a9428
GuLoader
d252bafdd21ef871df2eeed20ae4cbf3b6e2f6df268d93ea563b01aaec889baa
GuLoader
d592bb92973f49fb3527a4c61b35a6ab29fd928b140b6dc1d01d5cb47288636c
GuLoader
e7cf4a0d3f94afea480bf5e64a658029d02191330244697ba9afd81dd5b56386
GuLoader
+ 118 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-zpmjgzqse6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

39e44d38bc3118f6544e24222f14b459

GuLoader

Executable exe b7415cf9fb2fe27d40a8de1d356880512066a99bc7355f380b38c83e8c4103ae

(this sample)

  
Dropped by
MD5 39e44d38bc3118f6544e24222f14b459
  
Delivery method
Distributed via e-mail attachment

Comments