MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5b253f6f3a634898c32bba6a67e62388d5dc059f6e312011bba4b3d3f01db17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f5b253f6f3a634898c32bba6a67e62388d5dc059f6e312011bba4b3d3f01db17
SHA3-384 hash: 0a30b741a7c079aad495905b6340e897e31f144f6386be7b8b8e074fd06020fef02d8b3a61df2f2b16f712fee2054081
SHA1 hash: 52b3b68639a781c1ab44c4fd7efffca5d1ae4faf
MD5 hash: 22b8c06dcda0ebcb961580ab836c9b1a
humanhash: artist-carolina-freddie-charlie
File name:SMC PO 1172 Amt-03.xz
Download: download sample
Signature GuLoader
Create hunting rule
File size:567'713 bytes
First seen:2022-08-29 07:18:27 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:JxFu8v9Hz/S59UchHVuOw4qfqIYSAHS67W10KX05e90zOMMm:Jt5/SzUms4qfq1DHS67S0K0ZMm
TLSH T1A1C423669F8F782DA625395E10E428D2D2170367B5FB15F6889B3A10E360E782BDC1CD
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:xz zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Saudigrate contracting <info@saudiqrate.com>" (likely spoofed)
Received: "from mail0.saudiqrate.com (unknown [74.119.194.243]) "
Date: "22 Aug 2022 11:07:01 +0000"
Subject: "New Purchase Order"
Attachment: "SMC PO 1172 Amt-03.xz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
176
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Pequake-4
Create hunting rule

SecuriteInfo.com.Malware.Heuristic.1006.8978.2412.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/630c68e7116a699e028b144b/reports/ee648401-f932-4f56-ad0c-747735686e0d/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/f5b253f6f3a634898c32bba6a67e62388d5dc059f6e312011bba4b3d3f01db17
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f5b253f6f3a634898c32bba6a67e62388d5dc059f6e312011bba4b3d3f01db17/
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2022-08-22 17:36:28 UTC
File Type:
Binary (Archive)
Extracted files:
25
AV detection:
21 of 40 (52.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6wzfh5xtuy2itdbsxotkm7tchcgv3qcz63rreai3xjft2pyb3mlq._file
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader discovery downloader
Link:
https://tria.ge/reports/220829-h5htxaega7/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks installed software on the system
Checks QEMU agent file
Loads dropped DLL
Guloader,Cloudeye
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f5b253f6f3a634898c32bba6a67e62388d5dc059f6e312011bba4b3d3f01db17

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip f5b253f6f3a634898c32bba6a67e62388d5dc059f6e312011bba4b3d3f01db17

(this sample)

GuLoader

Executable exe 53fe76b7bdc8d214aa7124cac2cd49e6873c5d91d8fdf7ddf3650fa0d11c2240

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 53fe76b7bdc8d214aa7124cac2cd49e6873c5d91d8fdf7ddf3650fa0d11c2240
  
Dropping
MD5 d5605c1ce11a5d84f4c7169c4862a52b

Comments