MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d252bafdd21ef871df2eeed20ae4cbf3b6e2f6df268d93ea563b01aaec889baa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d252bafdd21ef871df2eeed20ae4cbf3b6e2f6df268d93ea563b01aaec889baa
SHA3-384 hash: 480746e6b7dab69b7caba944181843ebe38e6f94f1c11f851f2ab9672a5b3af99dc88dab7a930e0f3da5e9016caa75b9
SHA1 hash: d9cbd66db2d8687635a21aba3fa05dcfab8d88a9
MD5 hash: 049034fe9c4dddb2cd1369438d605966
humanhash: mango-bulldog-pip-moon
File name:Payment Copy H001510WHS.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-05-12 16:06:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8530f612548728baa4c05aa3589f400a (1 x GuLoader)
ssdeep 1536:xkXFIf0L35333333wE3333tOALBq3333333333333333333333333333333333xq:xkXFCU35333333j3333tO2q333333334
Threatray 5'111 similar samples on MalwareBazaar
TLSH B9835B22B8D4D673E65946B55B75A7B8052DFC3019118B0BB1C43B2E3637A25F83A32F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: cernate.com
Sending IP: 37.49.230.203
From: MOHAMED RASITH.B <sales@cernate.com>
Subject: PAYMENT ADVICE AGAINST P.O# H001510/WHS
Attachment: Payment Copy H001510WHS.zip (contains "Payment Copy H001510WHS.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.26048.12235.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 11:55:17 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2jjlv7osd34hdxzo53javzgl6o3of5w7e2gzh2swhma2v3eitova._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
163065b27e36ce19e815d862a46534b6b7a048be46562ae48c3811fb35fa3338
GuLoader
16de0aa2d02fae6460bb173c9104df4fa758343ab226aea79a3910dce19fa58e
GuLoader
1b2ffcf595970b69b94816a16890b7f0664f00dfea87fbc0df5abe453baedd41
GuLoader
1b300274b3a285359d3c2c50d221aca75f28e1e972626fbef59454b3fba7f0fa
GuLoader
1edf8c6bcf0ae2b38e9e28bcb1fd838c2ea35b5b126e4bc9e42daa2e1e722298
GuLoader
4bc2794576ebc0396a825e7b5f5fa26303e79972e7a2d68ded5cd68729288107
GuLoader
900a6f47b5d63eeb95728c0ec9ae469d31564cfbb1849b34549ac0f8de28fcde
GuLoader
9c1501fbd2eb669ccbe4a41e37770191e954e6f0dd3e0a954a0670a91df3917c
GuLoader
9d28d2b3cdf1132a476d9369c8226dd825be71fff0fe59de8eabc8771e4333e7
GuLoader
b1809788389e6fbab24abc12b306b2cd4d88a59b983b5a469a63d923e572fa6b
GuLoader
+ 5'101 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hsn7dv8gvx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 573db1e49b05667e81692a93ddd54c6d992c5a36e91465401c3a713b86aafd19

GuLoader

Executable exe d252bafdd21ef871df2eeed20ae4cbf3b6e2f6df268d93ea563b01aaec889baa

(this sample)

  
Dropped by
MD5 8a88770bb9598e9f895a3e343ebac62c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 573db1e49b05667e81692a93ddd54c6d992c5a36e91465401c3a713b86aafd19

Comments