MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
SHA3-384 hash: c1d49a935ebc7780a5beeed4c5e3d2d93f6bc08a9ed95f30da2cf3c3383ae8228f69d91b8c9e88911a28e1551c42f754
SHA1 hash: 61c7546580713c5f7bcd0852aa6f209ca05212df
MD5 hash: 78d33a1b238a86a23b8d0acd7f04a4db
humanhash: whiskey-zulu-avocado-alpha
File name:e-Voucher_#UP7203052S.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:163'840 bytes
First seen:2020-06-02 11:00:55 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 33bdacf4b84babb7d552d0f1a3af3a32 (2 x GuLoader)
ssdeep 3072:HWElLMu507k2rT2pNeZB0b7nx0RGs7GgaD1UA2n3KH23vJwvTVIvVZT+8Ay:HNI7eK
Threatray 1'722 similar samples on MalwareBazaar
TLSH C3F33B53B9468482F41145B14D4BD6902B75BD2F64926A1FB24E3F1BBBB231310FAB2F
Reporter abuse_ch
Tags:exe GuLoader UPS


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: theusp.online
Sending IP: 45.63.89.156
From: UPS Express<delivery@theusp.online>
Reply-To: delivery@theusp.online
Subject: Package delivery
Attachment: e-Voucher_UP7203052S.img (contains "e-Voucher_#UP7203052S.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1L3x9zeeZYBqVVS6qFrPHfkn6pOq3M6pB

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6050/
Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 01:08:54 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zcbmyqroia4waczr4u7dnhyfwko4txjyzk3w7lhprjbk3sgte2zq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
04fb4d7876dc1e4c31448a62dbc77223b453fb6abd187c92f51658807c21eaa5
GuLoader
2ea5a4fb25528051254f255dc64913ca7d4faa1ecba2f40a55b536f871624fb9
GuLoader
57aa81416cfdbd76df2a15cb14810f8529ecab0eea978210a4ef3047f35a225e
GuLoader
99a98bc6f2caf5e6fe3e6ada1af35586392ea48a28bc601522bed98454cc6af6
GuLoader
a1ca46a8c41e45116351ecd3926bca9bc16b95a2aacecc100a7c62716e8f1274
GuLoader
bf4ede92655d037060651e09ac68d10895eb8b30617715173a4237b1776429c0
GuLoader
cec38c876e658a18717696c04a1d0cb58a47b715403ddff8f91726abf01823f6
GuLoader
dedad3d7a97da9f0103dd87d86a422e38f581879c41ab07594d141eb303d2de9
GuLoader
e2784c7f18addfe3cf107b35eae017eb8d02025fec8bc9d235a7ba598fcd9b62
GuLoader
f2f2480af56f120f4d1f6586940ed898766a86509a2de41c5fea7f305d21b6fe
GuLoader
+ 1'712 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-s8c6wnzz6a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 7e01331f3bb057cf4c1403dea2088a6bf5be2fe914c74abfb96cce6e04e0fd25

GuLoader

Executable exe c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/373526/
  
Dropped by
MD5 2a1ac1d8e82a07f6f94440aae1a2bae4
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6050/
  
Dropped by
SHA256 7e01331f3bb057cf4c1403dea2088a6bf5be2fe914c74abfb96cce6e04e0fd25

Comments