MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2dd8076e0be5f411f0677f1e03f7fc9cdae5df7072200d894e7247b4a5f5a2c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c2dd8076e0be5f411f0677f1e03f7fc9cdae5df7072200d894e7247b4a5f5a2c
SHA3-384 hash: 2d468e7be3bb4dca039028a6929b9e27dae272d3357f2fcf55ecc67b376740f2d04af6989506a715238fa3dbfdacdddf
SHA1 hash: 38ad666087ab4b90c9c6d86e5efe44a432c99d69
MD5 hash: 8ea0b2be2febe4eddf6e453340812694
humanhash: oven-winner-don-freddie
File name:File.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-05-22 15:04:33 UTC
Last seen:2020-05-22 15:48:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9e3640e71786502ec4d9e27f3161fb10 (2 x GuLoader)
ssdeep 768:r8TmHysPc38ZTwT1gQ4MW9zntO5TGFhGBB5OV5ePSyVO6PNYPUEqso:4TRUcsZzhMW9zyGnyVO6VU5m
Threatray 248 similar samples on MalwareBazaar
TLSH 8393E765B190D9BBCE304FF1A97182A41067FC3539504F23B5C63B2C6A3648ED9353AB
Reporter abuse_ch
Tags:GuLoader scr


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mx5.chaiyohosting.com
Sending IP: 58.181.206.97
From: <vichai@technoplast.co.th>
Subject: Purchase order.
Attachment: PO 7467.gz (contains "File.scr")

GuLoader payload URL:
http://creativewg.com/feed_sxnWm239.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 13:38:24 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
04f1d85359b1f2a91da1cbaf29c0dc00a838e69c018a95bda951cff1c482bfa5
GuLoader
053a140695b51c69a923f0929b0cf46371168d1d7b77d96b0f8da88da976a197
GuLoader
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
bb199d304cdc30761b11d28c71fec48596ab117ca094f1f5ad6362da890453ad
GuLoader
c85e13a5030bcd0c8173ef7ff6939690fe9638fa25d3c89cbf1e1e95a89db997
GuLoader
d68f000de2f2dd32bdebb6b810d3d441c5d05de1d11eba965dc2d4ade0768e50
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 238 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-f99hxf24de/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 39ef69d43e667dd123b3ea49a3e16eec2a2219636bf5a5c48369ae27a08ee5b7

GuLoader

Executable exe c2dd8076e0be5f411f0677f1e03f7fc9cdae5df7072200d894e7247b4a5f5a2c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366786/
  
Dropped by
MD5 0607b0b7ff251a8956a68a82277c854a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 39ef69d43e667dd123b3ea49a3e16eec2a2219636bf5a5c48369ae27a08ee5b7

Comments