MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb108b44f7c1ce27111e05df5b00d405abd180fc46d280b78e9a137fd9858dbe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb108b44f7c1ce27111e05df5b00d405abd180fc46d280b78e9a137fd9858dbe
SHA3-384 hash: abe9c08ecbd0d3b38b690f421edac3b0e774001a91fd4d9a11d1a9682c7f874d68c9d48bd28e1f2acb1f886382e98d9a
SHA1 hash: 759b256b9ea16260c61825483ebeb5ab76369cae
MD5 hash: e58166bd8454338b43704f5f76f48e87
humanhash: snake-hotel-orange-blossom
File name:PO-K-128 IAN 340854.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-01 13:37:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 988e53c6dc144fcf73766526f41f2154 (1 x GuLoader)
ssdeep 1536:6FO8lLDcsz0aBFcBYhAWmRslMB6L/juowx8fmi:80aBFcfWmRMDzjuowx8fmi
Threatray 406 similar samples on MalwareBazaar
TLSH A5832713EA489A62D12186745C178BAE2F257C0D88816F8F354E7E5BBB313B25C7D31D
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: Sales <rmontero@eldorado.com.uy>
Subject: Re:PO-K-128 IAN 340854
Attachment: PO-K-128 IAN 340854.rar (contains "PO-K-128 IAN 340854.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1G4oijZx2VKT3ZmPoyIcg-8dpdAUKbYFL

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5923/
Detection(s):
Win.Downloader.NetWire-7993108-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 12:39:51 UTC
AV detection:
15 of 31 (48.39%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zmiiwrhxyhhcoei6axpvwaguawv5dah4i3jibn4otijx7wmfrw7a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0211865d58af36be2009eb29a77a400355a4cb7b8542d6359a6fa304c3f7d935
GuLoader
6cfa6754f2c32d3856972eceda81e57c0a274c80419482b6fe3910966b67a114
GuLoader
7d53275640b52b08bb54259f6bc85edad2dfe30b6b5f9cea9ddc8d7469d97cd8
GuLoader
895e7e85e398a6bd3615a8453c1ed21979a2676fa84af0e53077635f812b64fc
GuLoader
ac4035cfb9c8a93c294fe1911bd4cd94ce403d8cdc301fa4bf113144b40d1245
GuLoader
b3c13516ec29dd4219c36a90bb19dd28a3c17d35e72389f11e58e5f4917f23e4
GuLoader
b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57
GuLoader
b866a18458d22f3c362eb9db308ccbbe80ad1a1ef04d9f1c8ba6d3c66ccd4971
GuLoader
ded1a64ebd165901f2a790ab8d7fd0aa3ae2f97738868d2d1add45e033efe738
GuLoader
f3418e9ec01f4116a2ae079c709ee3c20455d66861951751474dbeb49ab75c26
GuLoader
+ 396 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-pl1gprvf4a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar f17eed1cdb75083ec3122405a723ea6c21dfde72b25cd90142b59a8f21f93ec5

GuLoader

Executable exe cb108b44f7c1ce27111e05df5b00d405abd180fc46d280b78e9a137fd9858dbe

(this sample)

  
Dropped by
MD5 89b2f0cd23790b0aeb60666bc76cf688
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5923/
  
Dropped by
SHA256 f17eed1cdb75083ec3122405a723ea6c21dfde72b25cd90142b59a8f21f93ec5

Comments