MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d71832fb38d0d47349178c16d2b961d4d2ffab05fd477f88e335fb60cdd21d0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d71832fb38d0d47349178c16d2b961d4d2ffab05fd477f88e335fb60cdd21d0f
SHA3-384 hash: db03af283cf464c660c70a3ec56265a41a38954c451eb92ea775ecdf8478ab2fe3c8d4d4b8f7d6d47223e9d9ea438e78
SHA1 hash: 0b049c61659280d1f17dea02ab26c4ebed89e8cc
MD5 hash: 6d8cf8684fc8548c64e839671eecab98
humanhash: floor-bravo-solar-equal
File name:INV20200531RFQ6748.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-01 10:50:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f0398b434ae17ecb018f18f59418235d (1 x GuLoader)
ssdeep 1536:1FO8lL8pTmwBqkuOSRCtlEB6L/nRA29Iizfa:UpThpSRCzLznRA29IiL
Threatray 1'088 similar samples on MalwareBazaar
TLSH A7834A13EE4CAA12D66046702C5BD7AA3F15BC0849811F8F394E7E5BBB313B62C6D61D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: Jennifer R. Lingad <jlingad@dorniertechnology.com>
Subject: Re:request for PO
Attachment: INV20200531RFQ6748.gz (contains "INV20200531RFQ6748.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1w-dKh4VczoQw7FphLrTtp-tr0-tuqIYT

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5524/
Detection(s):
Win.Downloader.NetWire-7993110-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 09:19:00 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=24mdf6zy2dkhgsixrqlnfolb2tjp7kyf7vdx7chdgx5wbtosduhq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
093e7cd7215e4c58cde245f8febd7ae91c79e3d01786e8166b6627536415dad2
GuLoader
3a865f21dc1c62ee31df28d89094e9e95d480e2bc6b75b3a6543b2906d975a61
GuLoader
4100f196d5289b085ea167afbec9aadbb5105bf46e48b5402f583db123878f96
GuLoader
4515c333f7395af0cbe0c374d8f51cabf9566006860500ed0f223eff497e76d4
GuLoader
8621ba52e2b195af00640ccb8311cdd3a1f421f45496b5d91867fbc309d053d2
GuLoader
893348cfa61e59048f8444685df09b3f6dcb22b84995427ba4cff095ee53896c
GuLoader
ad18dd53e866024606997688a8ba559b119fb7418d30b38c90e182a991333c99
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
e0c1fb97e28bc9944bc045ee772dd8da34a985a9e410764734eacdb35429cd1b
GuLoader
e35d5297a515ddf23ac671f6110bb8f01a590e13d45dbeae5e96e0be414236b5
GuLoader
+ 1'078 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-egkpp1k9bx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip baee2b375480ea980ffef661568a2076e811636d62f4905609c8e15ee52e63e8

GuLoader

Executable exe d71832fb38d0d47349178c16d2b961d4d2ffab05fd477f88e335fb60cdd21d0f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/373210/
  
Dropped by
MD5 5e6261a8e46f4501c0dbbbbd3b67ba41
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 baee2b375480ea980ffef661568a2076e811636d62f4905609c8e15ee52e63e8
Cape
Cape
https://www.capesandbox.com/analysis/5524/

Comments