MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3936d05a6f6931946763895cb68f9afc1708643c41c78a179dce0b87f3abc08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e3936d05a6f6931946763895cb68f9afc1708643c41c78a179dce0b87f3abc08
SHA3-384 hash: ed1a0a5d0b016c9040c54b4b310d434d916c1601f87eef717b182e2647a1fd2f28119ed44cca14f5a7a534c022541bd8
SHA1 hash: 4814dddaef7849f2062e43c66dcaea61edfc0f92
MD5 hash: 2eac239b70bedfc4744ba29fe33cb79a
humanhash: seven-item-lake-aspen
File name:Shipment Details 10-06-2020·pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 12:35:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 14fdf4d6a791611048fd2c7b35fad479 (1 x GuLoader)
ssdeep 1536:bRz94d4xRbJSMKQpXI7rbbqB02qx1PRYeq:9R4dgcs+Xm6uT
Threatray 26 similar samples on MalwareBazaar
TLSH 66536D2F6E08E583E03407B014A396A52AB3DC2D5A016F577D8C7F2DDA35695BCE321E
Reporter abuse_ch
Tags:exe geo GuLoader TNT TUR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: zeus.webex.gr
Sending IP: 46.4.69.158
From: TNT Shipment Notification (Turkey) <shipment@mail.tnt.com>
Subject: No.156902370 için TNT sevkiyat bildirimi
Attachment: Shipment Details 10-06-2020·pdf (contains "Shipment Details 10-06-2020·pdf.exe")

GuLoader payload URL:
http://bijelizec.hr/download/IFENAYE%20MAIN_ZXVVbtwxxh151.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
150
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7541/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMIT.22824.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 12:37:05 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4ojw2bng62jrsrtwhck4w2hzv7axbbsdyqohrilz3tqlq7z2xqea._file
Verdict:
malicious
Similar samples:
2090709916a41cfe9ae1ebf1fd4e1dc13803e1cbefac6b796a79311cb5a95e2b
GuLoader
40448ac4d77204f07911c0b53293d8c82591e0dca53b0eed9b4453d6133eff58
GuLoader
573e0b24a46f4c80e6e20d935166a5cbe9bfb3c9704831ac3d2f12ed704290c6
GuLoader
5f71fa1115c8ddafbe4215ab9b5a69966385bf38bbf033c9c06d6dbaa15abb41
GuLoader
8e8ca471a9f9af066d0c6bc50224b2a42047babcf74fefa7a2746e2177148743
GuLoader
ccfc389f6dd3e6d9974b6cd4bb2a2efa5eb060f48e784aabd21a723cb58ff063
GuLoader
dbfdd9906827edada6d6bb63194a7b952f6e5f7592f59f2a9b7ff0dbe9dd01c0
GuLoader
eab3314405f92ae64e873677f8c2f47c6d1b6acab14e3f9a27e3580dd8409b72
GuLoader
f0f07c2192956e44619a5bea6c55b3f2d4be7ad9fd86fa1e85f734deaacc05f6
GuLoader
f6d45dfe2df55a795c38882a4b7505efcf2ba8af52e065973c5522cecd5099da
GuLoader
+ 16 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-cffs2aw7ss/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 7453ab6129ff3c1fefdb3655297547d2878906d96e80904f50f94719f6f56fd1

GuLoader

Executable exe e3936d05a6f6931946763895cb68f9afc1708643c41c78a179dce0b87f3abc08

(this sample)

  
Dropped by
MD5 75fc6b9bd37bb0c6feaed59e217ac4ef
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 7453ab6129ff3c1fefdb3655297547d2878906d96e80904f50f94719f6f56fd1
Cape
Cape
https://www.capesandbox.com/analysis/7541/

Comments