MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e9bcebb30731ce1c7ecca26eb2d6a717caf06824fd834775e571d4f684f9d279. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e9bcebb30731ce1c7ecca26eb2d6a717caf06824fd834775e571d4f684f9d279
SHA3-384 hash: 808cc8758f4e85510d4accde5fd0319bd1e869514d595f2de52ebbfe83654d7c59490ee8c13d00d8ee0a18265df42203
SHA1 hash: 97a094302b8da0699911f0d94a14414ae962d843
MD5 hash: e122989da5dd2b217b17195ab0cba9fd
humanhash: utah-oxygen-edward-hydrogen
File name:rechnung.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-05-22 10:19:29 UTC
Last seen:2020-05-22 10:52:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 90271a1fd2a22e1377eab594fb8dfe81 (1 x GuLoader)
ssdeep 768:FDYkfty2FBy2z+pyzLq3mvoUUfmjpCw8f0oK/P1kpVTrZEoIDrV//:JYSDFA2z+pyzLq39UUf6pCwzQuoYt
Threatray 797 similar samples on MalwareBazaar
TLSH 15931A227E85D8B7DE008DB15956959D22FBBC3179800F0B78C53E1D3DF3A82B961B29
Reporter abuse_ch
Tags:DEU exe geo GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mxout02do.versatel.de
Sending IP: 89.245.129.165
From: kidrth@versanet.de <kidrth@versanet.de>
Reply-To: kidrth@versanet.de <kidrth@versanet.de>
Subject: AW: AW: Zahlungsbeleg und Auftragsbestätigung 21-05-20 Rechnung_20-613129926-001
Attachment: Rechnung1.zip (contains "rechnung.exe")

GuLoader payload URL:
http://156.96.118.179/RSol.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Ursu.878098.14188.9359.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 09:17:04 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
azorult
Create hunting rule
guloader
Create hunting rule
Similar samples:
05a1356768e4475daeebaae76e486705d2d920e7e4d511c1436ea3f9a650c1df
GuLoader
308c96557c6be5d4519ba4bac38c23e611c7b61683cfc1063a6009e216c24f5e
GuLoader
44b9088e8bd1c22c10d5ea77951a3dda0884a8564187a8f98a4472120f374c91
GuLoader
4f197c8bdfa89d2a0d041b47dabf307cba6c3deb639134357e0bfee3bf28645f
GuLoader
81337231c53d0927b5aaff1792d71b5f5270e268e1909267ad3bd79951e72642
GuLoader
9e17a9c1b1d0db2c9cd8fdf42c475712f8faaa68cb08bbff910a2927b910d88f
GuLoader
9ffc0cc7f5b6bfb1e02d404b6d850e2fd72a778a1a2582fc061723f084cc73c2
GuLoader
c8dda41b34e9b16da333bfa30653a6f46be67c657158ecfd2c0463903b01e54d
GuLoader
d60af7a38f3b01fa2c7926959f9c65b91d9dac09da0e6e0431237ffd58b2e8f0
GuLoader
f09dc0b3275b4c1e3a616911805011c2871af1407599493dc980b6987cb313eb
GuLoader
+ 787 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hm1v48v9mj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 430d25b78ba647fc479350595c90009fc7fc116004c6b0f693e6223aa7b00c6a

GuLoader

Executable exe e9bcebb30731ce1c7ecca26eb2d6a717caf06824fd834775e571d4f684f9d279

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366085/
  
Dropped by
MD5 c5271eb5f0c18cf23d10ff18a61ba8dc
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 430d25b78ba647fc479350595c90009fc7fc116004c6b0f693e6223aa7b00c6a

Comments