MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f494d2d90c284f08aedea05b57a4eff483d51efe3a7b5cf9ad26c13f2d7e546. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3f494d2d90c284f08aedea05b57a4eff483d51efe3a7b5cf9ad26c13f2d7e546
SHA3-384 hash: 0bb90275c5b7b1d0b2e5498cb744851d56bdfd48f03913c0db3e201cdc106f77496739673084857bf3f2dc5e62ba4671
SHA1 hash: f25e73528b088a2bf6624c09b964eff738f15aff
MD5 hash: 9cdfe792464cbb3704559b481f57189e
humanhash: december-winner-william-pluto
File name:Telet order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 16:47:02 UTC
Last seen:2020-05-27 17:50:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1690ed4fc389277a692d630b03b609ce (2 x GuLoader)
ssdeep 1536:0QTGZstMw5+JDQHHL0G9i9ZHCiu9VEzwd:0QCNODQiJEkd
Threatray 200 similar samples on MalwareBazaar
TLSH 26B32A1F74919C76EC64CBF14875A5E15C32BC34E9108F1B7385BA6DAA332C96DA032B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.neileshcorp.solutions
Sending IP: 162.241.215.144
From: Ali M <dinamikakarg@post.com>
Subject: Re: order specification
Attachment: Telet order.zip (contains "Telet order.exe")

GuLoader payload URL:
https://thedebagroup.com/binUG.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5729/
Detection(s):
SecuriteInfo.com.Trojan.Agent.ERNC.27251.12393.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 13:56:15 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
07a9d94f0bcc45ac835d85d49807b711521442d887256bcd7664e95fa8898c21
GuLoader
09838078bc786269db65986e324234d647ff0154b07565e59bdf34f5f72d650d
GuLoader
1743a5e236fbc214c0199172ba07c57b9e171e9865603f9a6b114dfb9ce5c17c
GuLoader
20be0c183bcbe3cf8b803b2afa2a87fddd7ec2adc68666fa29eb15c77292a0b9
GuLoader
45172c6f3fbacf815513185a406124acb7e22f367ee212f6618baeef565fe32d
GuLoader
4876d264ad500b3dc254dec660891144c3118a6cc9a229c60d39ff20b584ec0a
GuLoader
4c841c5e0c2382fae670d7f41f7a75f8d8b2c1a03ff7d7c31eff98c1d9912308
GuLoader
77d83370f3109b9a0c199c60870edd92184c170abfc2f1817cd625245fcfae10
GuLoader
7a48dec0d80b9fe91920f32ae466525c89452544b3fbf499bf10401ab4119be7
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
+ 190 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-z25z3zzbf2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 6a7530c0fa48f0783631d8eaf91718c577d8e73230f9ebc896dfd501ed061d3d

GuLoader

Executable exe 3f494d2d90c284f08aedea05b57a4eff483d51efe3a7b5cf9ad26c13f2d7e546

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369922/
  
Dropped by
MD5 73625f1fef6a5cc9aee2baee460d5ee7
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 6a7530c0fa48f0783631d8eaf91718c577d8e73230f9ebc896dfd501ed061d3d
Cape
Cape
https://www.capesandbox.com/analysis/5729/

Comments