MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dec9d864332aed8fa899cbbfa85ffb4404744257be8c7bd8ab0a6464df226acd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dec9d864332aed8fa899cbbfa85ffb4404744257be8c7bd8ab0a6464df226acd
SHA3-384 hash: c0b38831f78a49622eaad7a2e7d94d6da008114542e369ff69be5a8f4bb032d64e88298dab4921a3b9bf5f4bfaa2072d
SHA1 hash: b26271a20dc645609793bb53be7567f45bdf1bc1
MD5 hash: 531994fda955de786a6e28b7fb7b0a7d
humanhash: spaghetti-august-white-xray
File name:BID6200289483.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-05-12 11:54:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3717cb9b1dfad770e28f49163f4bae3c (1 x GuLoader)
ssdeep 768:WIfx9Oro3Om/HC0jd/IWdNkhkgT4ZNSTvkLufoYHPjCutuq:dj3ZK8dgWkqnLkcLuJDV
Threatray 163 similar samples on MalwareBazaar
TLSH A7834A66B194E662D5468DB39F61E7FA021E6C320D45CA1775C83B1E2B37A81E73032F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: petronas.com
Sending IP: 45.147.230.21
From: M Ridzuan M Ishar <ridzuan.ishar@petronas.com>
Reply-To: M Ridzuan M Ishar <reqionsystern99@gmail.com>
Subject: RFx 6200289483
Attachment: BID6200289483.IMG (contains "BID6200289483.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.27632.31130.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 12:07:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=33e5qzbtflwy7kezzo72qx73iqchiqsxx2ghxwflbjsgjxzcnlgq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0fc76f1453db81e8fa50b7e685827e0f5126c25c91de2a25552af3273bb407e9
GuLoader
149ac2ad908fb039e8fe9f88831ba15c33bcb7cf4f0a4a4d14dcfc610ec18826
GuLoader
2396bd8adfbac94732b360891696656ed6f7f309b3680848e01fffa9305bdd77
GuLoader
2e663786404408fe41a473c75d88cdf5e2d55bb0d262cf5d461348087f4fbbdf
GuLoader
584a478de02fc860c167744004fc7db00f5e298d181d2bf3779d622f97e52293
GuLoader
6014740a30fea5272a80b5f3cbe88ef2b54ddd33d8a37420e5e93a0999d81fbd
GuLoader
8d3e005de2a2653aa88e129673e8996751fbeb0628a2710fe0081e424a13d4ff
GuLoader
93094d62b24b020cc2b39482466e3df5a172d7e35b03fb4dadb120fa1f238fa0
GuLoader
9a461345aa76acd802aebd2426775b952f411c0c1def2ae141f23fe4a16b5e7c
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
+ 153 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-cnrc9sbzyx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

71a1e2465e5beeadbef550716064f84d

GuLoader

Executable exe dec9d864332aed8fa899cbbfa85ffb4404744257be8c7bd8ab0a6464df226acd

(this sample)

  
Dropped by
MD5 71a1e2465e5beeadbef550716064f84d
  
Delivery method
Distributed via e-mail attachment

Comments