MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 243a2b578261be1f29edf7c38a2c2b034bdf7b05591d5cbd8d386d3b2d003c20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 243a2b578261be1f29edf7c38a2c2b034bdf7b05591d5cbd8d386d3b2d003c20
SHA3-384 hash: 3b7a95807f7b65d90fb2a3e545ae797b5121e9ad1f74ad9703ecaa8d6865e4c2a7968820918e67c8553baf88781c9e8b
SHA1 hash: c460232636c8ae101be7dc0d291ea642350fde19
MD5 hash: 526e9ed945b7ad90d76f0fa6afed0554
humanhash: cardinal-low-freddie-spring
File name:INQUIRY.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 16:48:01 UTC
Last seen:2020-05-27 17:50:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bf38c805c93d7021753dd99e8fec9e54 (2 x GuLoader)
ssdeep 768:KyntZZrkDVzOmB5EEoO4w3oh/b011KIEtD526rvOgHwQSX0K7xEOkvu9AqdJh+Wt:rn35g16EouEA1AJ526rjXSR74u9+4
Threatray 178 similar samples on MalwareBazaar
TLSH 64B3F91779D4AC72EC318BB15975CDA15D76AD312C00AF1B3208BB6D38325CEE9E178A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: whm.mastertindo.com
Sending IP: 103.103.192.221
From: Howe Robinson Partners/ SNP <snp@howerobinson.com>
Subject: CARGO INQUIRY
Attachment: INQUIRY.rar (contains "INQUIRY.exe")

GuLoader payload URL:
https://cloudfiree.ga/mana.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5732/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33911270.16451.31160.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 01:31:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 30 (70.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
69386692648e92eb4a80be0962bc1dff4a1c6773ed7ae2f30a2947ad96449f03
GuLoader
82621455e0c9ed9c46f6947beeaf2c5a6962a035eea50b337fad6368b5a6485b
GuLoader
9155426a4b27b5b6196dee3ae9f3c27bea283e17e2fbb0cd68b8a81b2f749bd1
GuLoader
9ce39afed2b1b439d074bcda9791a603e32054133fb4928c58f4504af4cda576
GuLoader
a020b1d430a80a59b4578da28132bb4354c44d62095078d8aaa1471361bb4248
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
efb49d2dce05a0e46211758c5907f085ed3ca37a93da268db71cf5dc34e9c52a
GuLoader
f7bc1d048862d9c11b8ed1a9b294d1d1913d2b11ca19598ec1d7f2e028dd207e
GuLoader
+ 168 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ynwrtbqmqx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 2f2e5e1fb87ca9e129fef76dd0663717b434cb0a795b385236c94d4d1e711584

GuLoader

Executable exe 243a2b578261be1f29edf7c38a2c2b034bdf7b05591d5cbd8d386d3b2d003c20

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368736/
  
Dropped by
MD5 352c1c7b08197dd44028c0c3e7971c77
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 2f2e5e1fb87ca9e129fef76dd0663717b434cb0a795b385236c94d4d1e711584
Cape
Cape
https://www.capesandbox.com/analysis/5732/

Comments