MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df32989919fcad268fd0f027d04480119f73b4142eb63031c2f103b54608fa3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: df32989919fcad268fd0f027d04480119f73b4142eb63031c2f103b54608fa3d
SHA3-384 hash: 7ad2d1d95bbbe4633d9e31b178eb5d6114fbfcc34a6b3f5972c527a946792dab352385a7b0aa35ab139fef159a1ff46f
SHA1 hash: 11415bf2be8691d487d5358930199a62e0163529
MD5 hash: e541c8254d60bf94c1b7c155a448f6d3
humanhash: mango-mississippi-stream-aspen
File name: TNT Original Invoice.scr
Signature: GuLoader
File size: 94,208 bytes
First seen: 2020-05-22 14:26:33 UTC
Last seen: 2020-05-22 15:48:47 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a7730cb7e4edea3ead95acba8b2abaa2 (1 x GuLoader)
ssdeep: 1536:JxLSc5pzet2CHW9gq5d2tkRDVY4vGM1W1G:JF5VeYCH0dfDqvm2G
Threatray: 92 similar samples on MalwareBazaar
TLSH: B5932725F8A4DCB6C8248FF15D368B68046BEC711F614A0375C97B5E2B37A8EA670347
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-22 14:36:01 UTC
AV detection: 25 of 30 (83.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour:
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
Executable exe df32989919fcad268fd0f027d04480119f73b4142eb63031c2f103b54608fa3d (this sample)
Delivery method: Distributed via e-mail attachment
