MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20f7b18b6a91f3908baaac269777f9067a37e3e2bf5701b822877f3b2b569c0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 20f7b18b6a91f3908baaac269777f9067a37e3e2bf5701b822877f3b2b569c0a
SHA3-384 hash: a5de296f836ebbc6299ff66675c7280d3291152fe2cc44ec42674ca6819786683f6fba7b2508387cce929788ee433838
SHA1 hash: 5d248bfb8434128d278fe8d94774ae06dc1d2787
MD5 hash: d8e69a8b0998459099748df59da9174d
humanhash: lake-purple-butter-artist
File name:order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:29:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f5694e32dedc9625756c1e79636650d2 (1 x GuLoader)
ssdeep 768:lvMymngdNDdnSraOFXgJHj7kCBzeQ/d++/ja1Vvf0VZkeNO/JZeODrcA6:xXVNDdSG2gZkMzeQ/N/0Vvf0QeN1J
Threatray 245 similar samples on MalwareBazaar
TLSH EBB3E813B5A05CB2FC64CFB2087199711D3BBCB92A090F077544FE5D6B726CA6AB031A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: Batgerel Odsuren <odsuren.batgerel.me2@eng.nssmc.com>
Reply-To: odsuren.batgerel.me2@eng.nssmc.com
Subject: Request for Quotation of Screw Decanter Centrifuge_CE1 Project/AA167194000000 (Muhan Technical)
Attachment: FOQ20-0514-0064_PT. UNGGUL PRAKARSA PRISMA.img (contains "order.exe")

GuLoader payload URL:
http://185.94.191.88/bin_qNQJqzF250.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5756/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43228788.3010.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 17:36:38 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
210ab3fe27b89600aee07cb30d49b82c736f807323de6e8c1edf8d30ac13e0b6
GuLoader
244bd22b299305418f66c5a6239c70bdc5eced7c0464210feaac591301241cd5
GuLoader
3c774090ba37e891c0268796302378c8340f29c3d5dd1be52395abfd2c126bea
GuLoader
4876d264ad500b3dc254dec660891144c3118a6cc9a229c60d39ff20b584ec0a
GuLoader
8179cb45ba2d6df0d25f9e1f382c5b9e8b9b703e4404fa19a9002c78418dedea
GuLoader
82621455e0c9ed9c46f6947beeaf2c5a6962a035eea50b337fad6368b5a6485b
GuLoader
9ce2908edf0994f493926514628054634858340fb73f219c38c013f34dd9a429
GuLoader
b3ffcbb8279a9fd2b833c99170fd8cf01f9b5209617840dd8cc4411989d5e479
GuLoader
c194e82e8a3ada40421b28e668c9135f09f9336732dc31053fc0cebf7be97564
GuLoader
f2e90acd9eecf1318a331ed9d7459caaff437e46c00ab2757f313d09002a4f94
GuLoader
+ 235 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-97dmgj6wxj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img cdcb9a7ab527c755ccb696edddd601707008f56afc85f86d2361a46e12b16361

GuLoader

Executable exe 20f7b18b6a91f3908baaac269777f9067a37e3e2bf5701b822877f3b2b569c0a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368753/
  
Dropped by
MD5 f03e70440f4be5f7485e54a21cbd1f9f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 cdcb9a7ab527c755ccb696edddd601707008f56afc85f86d2361a46e12b16361
Cape
Cape
https://www.capesandbox.com/analysis/5756/

Comments