MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c786900907fb436588483d9e7687c3abc6c0d2a72c9dbd17b5bdc1415df4c34f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c786900907fb436588483d9e7687c3abc6c0d2a72c9dbd17b5bdc1415df4c34f
SHA3-384 hash: 0320a5df36285b9836b18bb1096c73d45a0891b0c0e266b466c6849e4977da70955fae422bb75abd10204a16b23ff9c5
SHA1 hash: 05e6355081539cb5b3b132293925f2c0c8cc7ca4
MD5 hash: 234b6c7bd1f3cdc2ec4db4a56fe1f72d
humanhash: alanine-wyoming-item-pasta
File name:VALEO GMBH RFQ 20GP - 0529SSVALGM.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-05-21 08:40:06 UTC
Last seen:2020-05-21 09:51:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 33199c2bdcd78863c64edec9f71d1472 (1 x GuLoader)
ssdeep 1536:LzVu86iOxYbskRzFCyC5irUVSRW8ZPCxi:WxY4GhdC5oUVS88ZPCxi
Threatray 5'117 similar samples on MalwareBazaar
TLSH E4932936A574FEB6E97247F25C3252249013BDA305621B1FA6C97E1C0E37B8AF950327
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: poc.pulapint.nl
Sending IP: 134.209.241.96
From: RR Brothers & Logistics <cs3@rrbrothers.cn>
Reply-To: cs3@rrbrothers.cn
Subject: 1st Quarter payment by RRBL released on 18/5/20
Attachment: VALEO GMBH RFQ 20GP - 0529SSVALGM.IMG (contains "VALEO GMBH RFQ 20GP - 0529SSVALGM.exe")

GuLoader payload URL:
http://iloims.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_KzCRv103.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47887.26517.29859.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 03:54:00 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=y6djacih7nbwlccihwphnb6dvpdmbuvhfso32f5vxxaucxpuynhq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1ffe8a0c22c433b676f40639e236a1c7cc58656be5150f1bd4dc7f24d807c761
GuLoader
4dac6edef78dafb90df3fd12392f3476743ec38556aa72d364c913cb7f866ec3
GuLoader
61e169cb08c5e3b163370cd992574347625e887eca583922412ddfaed2d6bd10
GuLoader
75952934e5ef6bb74f29c3320ef112e219cc953dc5ed8c351d742448f61161ff
GuLoader
8e5e93b6f3eee7f1a08a0420b25105017d3479769e6bf9d6b2518d3abc6b1a75
GuLoader
addd4ba4b4aa754501d638cbbf3c78bec538ca15a72acb5eadc7babfaecfa350
GuLoader
b8ee3458736fa73672b43a4c55e136bafc48b215dcb89dac28b5865ab59fc99c
GuLoader
ba3486ddcb815a5bfae81495f4f48576968b3d6de9f42e0d4358824d7ee583bd
GuLoader
eb3e94888d5e945faf0b570acc1b2a4652f1b92940e8ac1cd62ff756d39aa1a0
GuLoader
ed3318102d772c4dcecfb1e10f37cfd3fdcbaff1d340ba9c2bc5dcfe6383f339
GuLoader
+ 5'107 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-by3jfsl3ds/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img a404466ac6fdc46c58f66008d85bc33495806aa2c990ba103240306c718fad06

GuLoader

Executable exe c786900907fb436588483d9e7687c3abc6c0d2a72c9dbd17b5bdc1415df4c34f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365780/
  
Dropped by
MD5 376606f71ffbe838f8103b81dcf2f0f1
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a404466ac6fdc46c58f66008d85bc33495806aa2c990ba103240306c718fad06

Comments