MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43ba958550781f620df1ae656c60c1957ca5e34bde5c59db95ae5cffe303f0a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 43ba958550781f620df1ae656c60c1957ca5e34bde5c59db95ae5cffe303f0a9
SHA3-384 hash: 270f328950fb109f26385ff320c4375f09cdcb03084c1272e707f8bc07b66bfb40c99d5f5fa1521a1d0da482d8075655
SHA1 hash: 527a97573cf148883bd9884a77dca2c4089134a6
MD5 hash: 7c6545fe02a59369977de45239d61ac0
humanhash: romeo-kansas-kilo-carolina
File name:Order_OH432-930.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:184'320 bytes
First seen:2020-05-12 16:27:55 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bab72358089a9a92c5e8ebb545eb3616 (1 x GuLoader)
ssdeep 3072:p6fiwBxIFP+2IFqmjKBGy1U7lNvYYeWdWmFCREM7oNYs9SbIFOKGTIolY7B8NtIF:pK49O
Threatray 905 similar samples on MalwareBazaar
TLSH C804E84BF221FB12C34104F177A956EA5AFD5C7A68B1C417E3C071AD66B6B0AD4323A3
Reporter abuse_ch
Tags:exe GuLoader UPS


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: tigers.unisonplatform.com
Sending IP: 72.34.62.164
From: UPS Express <smtpf0x-2dl5v@rent-a-car-4you.com>
Subject: Parcel delivery problem
Attachment: Order_OH432-930.img (contains "Order_OH432-930.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Malrep
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 16:36:52 UTC
AV detection:
22 of 30 (73.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=io5jlbkqpapwedprvzswyygbsv6kly2l3zoftw4vvzop7yyd6cuq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
02f2999240877abff06ad4728307dd9069b5ecf8a862b8fc786343f83553a3db
GuLoader
1cd0666b758f28d4d3a402dc10f1b185f5a1fbbe7f74cfceea475e72a5bbecb0
GuLoader
6987962aebbf833513cc85fd4ec26d215170035ee60e69bd2cc2e25b6e9a6d46
GuLoader
717ab569e1a4743ce73546e57a7a1f875425747672b5f2d6fce34af35ab8c16f
GuLoader
9d772f078ebff5dd18830b266cf39eaea44289e765d6290e8589e684a22d0946
GuLoader
a0c9160c101b0eeaa3cc660fd1e22abbd54d566068acdc2968afbef1590548c2
GuLoader
cb62c35fede3c3b21e2d23591e557962491698c6b834ff03f0a42cf714cc2f24
GuLoader
d9ea7ed19010ef0c36ebd05d5abfd5624e21a33ad5e18ca36007671d86eba8b3
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
f5f509cbd11ce2cca22d0f3a50468a9403e63ec9b1542eabbb1d265ae4d6b453
GuLoader
+ 895 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-y3xmrr7zea/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

5abc20726b584b554a97f0db566adcd9

GuLoader

Executable exe 43ba958550781f620df1ae656c60c1957ca5e34bde5c59db95ae5cffe303f0a9

(this sample)

  
Dropped by
MD5 5abc20726b584b554a97f0db566adcd9
  
Delivery method
Distributed via e-mail attachment

Comments