MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d592bb92973f49fb3527a4c61b35a6ab29fd928b140b6dc1d01d5cb47288636c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d592bb92973f49fb3527a4c61b35a6ab29fd928b140b6dc1d01d5cb47288636c
SHA3-384 hash: fe168c6551839849a0381899dd71045ebd58487a155357965ff0d95f74f9b80b2cf7573f5d89db7e466ece56a9f964ff
SHA1 hash: c7cb560bbae65b5cf2842d5f15b6998a48b63c2e
MD5 hash: a23014d6b4f8b66b3d38769ca82ab2b5
humanhash: lactose-georgia-low-spaghetti
File name:Al Zahrawi Medical Specification.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-05-12 11:56:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a4fcdec54c2835c258fcce9141ae31a3 (1 x GuLoader)
ssdeep 768:Ej94z3r8N6uisiLCuEnWBnh5heiXKYK0g8w6guCH7unxs7bDj7qpZ2p:+47QNf7i0nWZh5XKYKCQudna7vPqmp
Threatray 1'030 similar samples on MalwareBazaar
TLSH 4C835D52B4E8E133DFE8CD795B6293F9920EBC3518468D1730C13BDD197A640E96231B
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: nospam.grambanglasystems.net
Sending IP: 202.44.110.241
From: reza@kungkeng.com
Subject: KN95 Protective Mask
Attachment: Al Zahrawi Medical Specification.arj (contains "Al Zahrawi Medical Specification.bat")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.5940.29359.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 12:42:09 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2wjlxeuxh5e7wnjhutdbwnngvmu73eulcqfw3qoqdvoli4uimnwa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
GuLoader
3667b7518f2634bfd589f12fe1fd6e7ec1701030529dd3ece0b04705e76e5e06
GuLoader
40c27e805186cc26240cbf37d1d2809412c42e2a3610fdff32cf5b8ce35459e2
GuLoader
6005ff1373b7a3600ad4b5700b4d9b6c13827015a97fea1b030189655bd8e986
GuLoader
70e8b249ce476ea3ff1c233de9eef9b9f1e2ad1da22c1bb3e16acc20eaa0e9a2
GuLoader
9cbe5097d40713390439b736ac90f7ac008db11188a9b8d0ad40fec39d5cff12
GuLoader
c688c6b0f5bd44c8d37e810000892ce8d0e2225f1dd04a92d454fd60c7cdc779
GuLoader
d1148a8f019b2b901f2c089bd7e77eb55c61efa5d6cbfb65e4fa1868476c9dfe
GuLoader
d252bafdd21ef871df2eeed20ae4cbf3b6e2f6df268d93ea563b01aaec889baa
GuLoader
da52dddf3fb5de8859dd962bc96eeb267fc4e723682c3defec35672be1441e5e
GuLoader
+ 1'020 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-h22g7cqav2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

76ab28a99239902472119018894fc06f

GuLoader

Executable exe d592bb92973f49fb3527a4c61b35a6ab29fd928b140b6dc1d01d5cb47288636c

(this sample)

  
Dropped by
MD5 76ab28a99239902472119018894fc06f
  
Delivery method
Distributed via e-mail attachment

Comments