MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c884dcf4fa00359eeb51ead67cd41d9a68b71f09e3588f03456244eddaa36fa0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c884dcf4fa00359eeb51ead67cd41d9a68b71f09e3588f03456244eddaa36fa0
SHA3-384 hash: 17416369ec6639d333823be61002228c37a7bc00c29f13298fa845c91ace4cda8b785356969fc067a1430c0c07f8445d
SHA1 hash: 27e40224c49db86b2d33a3f62f1e9ca8c1513664
MD5 hash: dac06d54b922c493a3ef0a9c30b0cfd1
humanhash: double-oven-zebra-east
File name:Payment details.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:33:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 57f939f0b172c49363774200e3ce3d06 (1 x GuLoader)
ssdeep 1536:P2Dwq91YSqxD9ALMmjMTVk5jLVbDVnz3U:PetqmndBVnz3U
Threatray 5'148 similar samples on MalwareBazaar
TLSH 63A31C21F590DCF1DB258ABD4D75467C162FAC304A15CA0B74C57B9C0AFBA89EC6131B
Reporter abuse_ch
Tags:GuLoader scr


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: control.yourdomain.com
Sending IP: 168.243.232.218
From: Lenito Gonzales <port.jf@r6.dion.ne.jp>
Subject: Re: Customer remittance $85,217.58
Attachment: Payment details.rar (contains "Payment details.scr")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1cZQVOyqZ1CMgMpV4pMvJlAYyqWL8AURP

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Fareitvb-7861010-0
Create hunting rule

Win.Dropper.Fareitvb-7861078-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 08:36:34 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zccnz5h2aa2z522r5llhzva5tjulohyj4nmi6a2fmjco3wvdn6qa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
03d585ea89f4e62bc18d42d1fadad0b02faca6d68c831e79fb542e9efd183f7a
GuLoader
08fd08ac92e87f077dfa77ab5cbe48dccb7ffc87cd338a6451b884d42fa6306b
GuLoader
26578480a0124210e78362e63cb2fb0d2998a47e6b1d8f43cbe787caba1ac5b6
GuLoader
4e0e1ee117544cc9cb6784d36db3d349624ef1c888267b1e266a03ddb17d33a1
GuLoader
9d74a45140396715c309ac076839d0abf83ad6e55a4c8fa6cdf6e9cb4dec8cf6
GuLoader
9da0df6eb709cee7468a850c0b59914ca84eeace25bea74ed6d393e0e5e84737
GuLoader
c2fad0ca69171eabf05cff3020af18e45b34558b660e5197bdb4c0c072c9cdde
GuLoader
e6bdca558fb485e6ac7295d20f868902f2b790bc147fb3ab1e3a6628280d40f3
GuLoader
f8eba2fe120aa64939010e6c31a63a7c12e97952c55bd29fd441f2139d9b7acd
GuLoader
f916b2daa9c47caa84bdab905de961a60ebb0f4fbcb3b3311eb429b7dcbaed8a
GuLoader
+ 5'138 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hjn8yy5l8x/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 670db79e36936cf51f3cd3177778df4eb11cd8de79cc13c5273d53841833baa9

GuLoader

Executable exe c884dcf4fa00359eeb51ead67cd41d9a68b71f09e3588f03456244eddaa36fa0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366048/
  
Dropped by
MD5 dc6d76c83b9532ad400089ce94f107d2
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 670db79e36936cf51f3cd3177778df4eb11cd8de79cc13c5273d53841833baa9

Comments