MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7bc1d048862d9c11b8ed1a9b294d1d1913d2b11ca19598ec1d7f2e028dd207e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f7bc1d048862d9c11b8ed1a9b294d1d1913d2b11ca19598ec1d7f2e028dd207e
SHA3-384 hash: f0da01b9a120ea908dd3d2585ea000c4b5b5ab19a3d971e0de863ee017d7a8987228b9001057b4ab0ea2b6b86f3f9f1d
SHA1 hash: 55e583ce1d8dfc96571f278242b93e1fd03c8513
MD5 hash: 71eb1b8f1e22fc060948beab9226ce38
humanhash: nuts-snake-montana-pip
File name:invoice.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:49:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 357c91724df9e13a37275631f660c704 (1 x GuLoader)
ssdeep 1536:J6+782eV46YbC9gA1iCzupzTY8qRIqhhkm:J6Z4zbmduh8CqhKm
Threatray 342 similar samples on MalwareBazaar
TLSH 32B32903B2B49C72DD718FB1183195752D3ABD386D144F2B7548BF5E2C36ACA6A9032B
Reporter abuse_ch
Tags:DEU exe geo GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: dd13516.kasserver.com
Sending IP: 85.13.135.97
From: info@restaurant-alejandro.de
Subject: Auftragsbestätigung und die Rechnung vom 27.05.2020
Attachment: rechnung.zip (contains "invoice.exe")

GuLoader payload URL (dropping AZORult):
http://156.96.118.179/REMM.bin

AZORult C2:
http://digitalpass.duckdns.org/index.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Azorult
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5082/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.50139.28680.8946.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 11:39:27 UTC
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2047ecb45a1bd7dad219077cd5446bffc34fdc7acad3d3293c576fc187b08996
GuLoader
35581eb6b7b958bfd5a21f192571f5adeeac39295de4ce29bc16bbb57480ae80
GuLoader
6c759b96dca08330cce6b7787e69b286d3b1a22a618f81409fd674ef720eb6dd
GuLoader
889352094880e37d9fb8d07ca965839f595ac5b821996f4290149d1815981a7b
GuLoader
92574e92ed7461639393ef09258609b637fc5e68341c5fe13e460f2dff705d0d
GuLoader
9c0d3c463792d704909de3a04cd7a6d31f8094301e8e24950af31cdc5e9f2838
GuLoader
a020b1d430a80a59b4578da28132bb4354c44d62095078d8aaa1471361bb4248
GuLoader
ad3bb3f26289dc46ab58afb6cdf67ca9a256519fd9d087a418f849f9bcb78c25
GuLoader
d810052504c453dbe0b0960c1f818146afce0c24f793d37e35ca806d8458d647
GuLoader
f8a6d117bfaaeaf97082bdab997196ebc517e34c45eda9b687c19923feeefdd6
GuLoader
+ 332 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-kph29xytke/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 648abbce845d97d223d75af566b300c8c48f994fd853c9873c1f897b4df44a69

GuLoader

Executable exe f7bc1d048862d9c11b8ed1a9b294d1d1913d2b11ca19598ec1d7f2e028dd207e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369986/
  
Dropped by
MD5 050891530dc04141d1bec1a2b8751110
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 648abbce845d97d223d75af566b300c8c48f994fd853c9873c1f897b4df44a69
Cape
Cape
https://www.capesandbox.com/analysis/5082/
Cape
Cape
https://www.capesandbox.com/analysis/5077/
Cape
Cape
https://www.capesandbox.com/analysis/5004/
Cape
Cape
https://www.capesandbox.com/analysis/5003/

Comments