MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4876d264ad500b3dc254dec660891144c3118a6cc9a229c60d39ff20b584ec0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4876d264ad500b3dc254dec660891144c3118a6cc9a229c60d39ff20b584ec0a
SHA3-384 hash: 367c7e054c0d6e9cb441069bf6670fe34c5129b5afad2805405e63a9c38e562b9e0f36b4c7c77a37d3a922f5682bc750
SHA1 hash: b863065ad4fbe1af99541826bbbe8372152ae624
MD5 hash: d9393457a5d08bca1214823f3e070261
humanhash: fifteen-delta-pizza-eighteen
File name:order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:30:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 07ba89af8579b04c7af84a2b9c26275a (1 x GuLoader)
ssdeep 768:l2E2AvlCtbg1zcsjCSIEs/eDZz3uhK7tb89+j1pkyZqzJdScbrUA1:MGgbgmsjCE6UZzeFYjoyZFE
Threatray 296 similar samples on MalwareBazaar
TLSH E3B3F81375A05C72DDB48BF109B189B51E36BE3C2A198F17B149FB4E2D329C939E131A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: fran.com
Sending IP: 83.166.245.173
From: RINNO\ <RINNO <andy8645@naver.com>
Reply-To: andy8645@naver.com
Subject: Request for Quotation - V-40795
Attachment: RFQ_V40795.img (contains "order.exe")

GuLoader payload URL:
http://185.94.191.88/bin_qNQJqzF250.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5758/
Detection(s):
SecuriteInfo.com.Variant.Ursu.879400.5326.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 01:15:33 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1743a5e236fbc214c0199172ba07c57b9e171e9865603f9a6b114dfb9ce5c17c
GuLoader
20be0c183bcbe3cf8b803b2afa2a87fddd7ec2adc68666fa29eb15c77292a0b9
GuLoader
20f7b18b6a91f3908baaac269777f9067a37e3e2bf5701b822877f3b2b569c0a
GuLoader
244bd22b299305418f66c5a6239c70bdc5eced7c0464210feaac591301241cd5
GuLoader
3c774090ba37e891c0268796302378c8340f29c3d5dd1be52395abfd2c126bea
GuLoader
45172c6f3fbacf815513185a406124acb7e22f367ee212f6618baeef565fe32d
GuLoader
8179cb45ba2d6df0d25f9e1f382c5b9e8b9b703e4404fa19a9002c78418dedea
GuLoader
9ce2908edf0994f493926514628054634858340fb73f219c38c013f34dd9a429
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
d3a0f59483985809d83304d2336cd23554c8bca976adcb1008cdd529a1e342ee
GuLoader
+ 286 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-q89x4gyatn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 432c46326f50f3c00232f768d3297257567433ebd8a6a0878014822e0543b897

GuLoader

Executable exe 4876d264ad500b3dc254dec660891144c3118a6cc9a229c60d39ff20b584ec0a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368753/
  
Dropped by
MD5 5a4e92b4d3b85b867b9eac1d316c91ba
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 432c46326f50f3c00232f768d3297257567433ebd8a6a0878014822e0543b897
Cape
Cape
https://www.capesandbox.com/analysis/5758/

Comments