MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e32b19defa57e19febd2491db084e5de4efff2b8c59b56a379ff8110c0389a3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e32b19defa57e19febd2491db084e5de4efff2b8c59b56a379ff8110c0389a3e
SHA3-384 hash: f34978af79285b32ce5dfc14cae5ad8b7d064b14d8c810fe84ee8aff3059d81b7355fe9b837e7e481e651f53a5aed4ed
SHA1 hash: 7f42158804eac9db6e2d575917b4a4b6ce278e45
MD5 hash: fd880cb3e0a993e24b180e5024447bcd
humanhash: tennis-illinois-friend-football
File name:PURCHASE ORDER No. 22.rar
Download: download sample
Signature GuLoader
Create hunting rule
File size:304'643 bytes
First seen:2022-08-29 12:49:26 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:ZifLra4V8qZVVoO3tnh1NwcSezweVW+0JBDk7xAKT+ildgAGn+vSk+tHXry7e:ZKtH7w4pxkBDkFAKG+KrJ
TLSH T18F54234AF13AF3F6668BEC38073553FE16178D08D61536039DB78296DAA0514CB91ACF
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:GuLoader rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Niklas Heidiri <info@siclk.com>" (likely spoofed)
Received: "from mail0.siclk.com (unknown [45.142.166.147]) "
Date: "24 Aug 2022 09:21:46 +0000"
Subject: "PURCHASE ORDER No. 22"
Attachment: "PURCHASE ORDER No. 22.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
199
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e32b19defa57e19febd2491db084e5de4efff2b8c59b56a379ff8110c0389a3e/
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2022-08-24 11:52:05 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
19 of 40 (47.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4mvrtxx2k7qz726sjeo3bbhf3zhp74vyywnvni3z76arbqbyti7a._file
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader spyware stealer
Link:
https://tria.ge/reports/220829-p2xbfsafd5/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent file
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Guloader,Cloudeye
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e32b19defa57e19febd2491db084e5de4efff2b8c59b56a379ff8110c0389a3e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar e32b19defa57e19febd2491db084e5de4efff2b8c59b56a379ff8110c0389a3e

(this sample)

GuLoader

Executable exe 7dd92e873c628b396cdddf9fa1d616102db4381b29c6f3b3c6306d0899c5589f

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7dd92e873c628b396cdddf9fa1d616102db4381b29c6f3b3c6306d0899c5589f
  
Dropping
MD5 ef26d5aa45cc4eaec576a73a5a878621

Comments