MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e92e8fd2f291f75954d7417f414bb08e8fd5b015773798ab9743426685dab322. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e92e8fd2f291f75954d7417f414bb08e8fd5b015773798ab9743426685dab322
SHA3-384 hash: 4356a18713c73b7c939e645edb5b16c9efef3e9cd89dad927fe6e5b0d530db55bdaf13d96f88e668b0b567ac9215632c
SHA1 hash: b14f5438a8b49825f10ebc2d74eab52b3718ad94
MD5 hash: 80c95782f462c61246a9558506811647
humanhash: grey-michigan-mirror-emma
File name:Payment Advice - AdviceRefG20755400121.pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:135'168 bytes
First seen:2020-05-12 16:29:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d2e471ceace505f8b878e47384cd80d6 (1 x GuLoader)
ssdeep 3072:8TpTE549TLZYViRDe3523kML0tngPOZMGfK6hk9DeNwgqSb+9jWjMcJobb84HxF:K
Threatray 136 similar samples on MalwareBazaar
TLSH ABD3624BE220FB01C35414F17BA95AEA42ED9D3D6964C503E3D072AE6779B0AE532393
Reporter abuse_ch
Tags:exe GuLoader HSBC


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: host.sarmcol.com
Sending IP: 199.217.117.157
From: advising.service.56028822.518660.1539198682@mail.hsbcnet.hsbc.com
Reply-To: robles@ammeraalbeltechusa.info
Subject: Payment Advice - Advice Ref:[G20755400121] / ACH credits / Customer Ref:[HSBC/FT/006-B] / Second Party
Attachment: Payment Advice - Advice RefG20755400121.pdf.gz (contains "Payment Advice - Advice RefG20755400121.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 16:37:13 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5exi7uxssh3vsvgxif7ucs5qr2h5lmavo43zrk4xinbgnbo2wmra._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0b7b7e73fba7b8967e403df8b6ccc237c0185093e05ce7c3044457accb6ad335
GuLoader
2026e97bd58d8848dbd55664417790d5ee804bc2fe86ad054cb6a304d2d39a6b
GuLoader
471325daa2bc75f50856e93e9de088386556fc3ead653894d5c2a67f2a8b4975
GuLoader
8598147a91005830b94021bf5bf401e1b10d55ff940244394e8fb3bb8f494539
GuLoader
a5d9ffc80b57f0144f4fc99b8ee1061247372134f80b25f8bcbfabfa058e5e53
GuLoader
b3ded80c7b59052aef7e34aa7e3807c2afef634b11bd884377bed9682a4b9f9d
GuLoader
ccbe3d3c56f67ca2eae06209050bfb086fdbc579d8511585533e841e4d9b5dfe
GuLoader
d720af33d2bfd971d3b8e281c5f1b463389f9923eff1efa81351fd0e1a413e94
GuLoader
dc68a0a13aa0a1bf5394dd04e59ef2916f0b31a964730a17b0ff4afeac5888dc
GuLoader
ecb89e9f66cd7f37efefec4cb211770200ccb17c810ad741cb3ec141e41c361c
GuLoader
+ 126 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-w2kgpneaes/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 1ffda457adf571b7095200f9aaceab489d7d19ddb46d0f42aa74e72bfa818e8c

GuLoader

Executable exe e92e8fd2f291f75954d7417f414bb08e8fd5b015773798ab9743426685dab322

(this sample)

  
Dropped by
MD5 5dd9b23d07c1c5f094d0ce3b7c34f130
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1ffda457adf571b7095200f9aaceab489d7d19ddb46d0f42aa74e72bfa818e8c

Comments