MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7ffd915a436362423fa08dcf1a834414c49aac7dc8357f460252d36e073da8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7ffd915a436362423fa08dcf1a834414c49aac7dc8357f460252d36e073da8c
SHA3-384 hash: 59170d54da285554a4cc82dceb8cbcb8b57798b19bd839778a7ccfb547ef798dcf9aaecada8a40dc86a4ff7a6764c430
SHA1 hash: 76597a0475c56dff0782dde6a412b36c403e9370
MD5 hash: 44f6b6cbe28f768bede398c515163c6a
humanhash: lactose-carolina-mountain-nine
File name:Bestride.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:32:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1cc5e4409f9ce2ba12b08f9a89c6a2f8 (8 x GuLoader)
ssdeep 1536:ZASPfxV40vfGJ5/kgrKHxLdGKc+o0FDHdZ1gIToovLYbnL2VJ+PIV0:ZpPXv+fKVdhjFD9zPvCLOV0
Threatray 594 similar samples on MalwareBazaar
TLSH 53B37B13EC0D8A13D5648BBD2D179E793B1DA81D0C405FEF7179AE9BAE312422CA711E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: panel.oversea.email
Sending IP: 2.56.8.253
From: info@oversea.email
Subject: Pagamento Recusado
Attachment: FA2020.05.096447.DOC.IMG (contains "Bestride.exe")

GuLoader payload URL:
https://onedrive.live.com/Download?cid=3BCD34D8AC2D7789&resid=3BCD34D8AC2D7789%21432&authkey=AA_NpSuPYqB2kgE

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6332/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:37:58 UTC
AV detection:
28 of 47 (59.57%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=y775sfnegy3cii72bdopdkbuifgetkwh3sbvp5daeuwtnydt3kga._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0e7ec69a6222b2753c0167997838b380acfd47834a6d1e7dd2475fd4fe07d63c
GuLoader
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
GuLoader
7d53275640b52b08bb54259f6bc85edad2dfe30b6b5f9cea9ddc8d7469d97cd8
GuLoader
7e98c02b3b0d153b545560bc9a97b3b62ea45d03bff96410c2a3be4e50129b87
GuLoader
8eaac79108455d13b9ba6696108a2f5a734c02463b208a5d399d3a70ea792498
GuLoader
ad8132d2a341bf731c105eed4dea2357f5ab516c085550294593a2e41f34ebc4
GuLoader
d2e24bc0bcfa7c04b2e8a382a6ead3200ca865a771144d29d778af86559cb0ae
GuLoader
d571629d266c5354146cdfe698d79c88c33e598aa6c8d9a0587662c6b5421ed2
GuLoader
f0904d56b0d621156adf1d4449d1b445e6d45eec9c0a4b09e22f9bb95a185955
GuLoader
+ 584 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-jzxeq3rvp6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img ada153aebeaff42fc3b316acb6a8aaf1b996e0f8c306b47273e5c2269dabe1ad

GuLoader

Executable exe c7ffd915a436362423fa08dcf1a834414c49aac7dc8357f460252d36e073da8c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374274/
  
Dropped by
MD5 01ecdc7ebe31ed3fbee31d5108467b5f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ada153aebeaff42fc3b316acb6a8aaf1b996e0f8c306b47273e5c2269dabe1ad
Cape
Cape
https://www.capesandbox.com/analysis/6332/

Comments