MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9188298a545444368a26d4d1fcc9be1e49ed55660891458d75c3dd5a2981c93b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	9188298a545444368a26d4d1fcc9be1e49ed55660891458d75c3dd5a2981c93b
SHA3-384 hash:	d2968bc21bdbcb1389ec1226b6ac6420dc10475be0fc206f2a38dda1a8014daa7e2d25390e4c2df0f9bd58a32cbb8a98
SHA1 hash:	da3eb5e2bf688e27acb4299b3444bf9b999d1ba9
MD5 hash:	a8a17c0022eb380f2543bea8265d3f18
humanhash:	six-eighteen-single-johnny
File name:	order2020.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	1'187'328 bytes
First seen:	2020-06-02 09:34:06 UTC
Last seen:	2020-07-14 14:12:31 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	4d84e031b27f244eb947beb2f48c2232 (8 x RemcosRAT, 1 x GuLoader)
ssdeep	12288:TqW2gu/kCX5Bq8WDCmKBU7Xvl6uZQuTy04CeO:O7HkCXPq8WDmwXtRt74d
Threatray	437 similar samples on MalwareBazaar
TLSH	2745B1AAE0943B37F162163058265933DBE62C632AD4903AFD94FF49763DD7D2C050AE
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: bosmailout04.eigbox.net
Sending IP: 66.96.187.4
From: Khan Industries <design@allimportes.ga>
Reply-To: exportscoin@gmail.com
Subject: Re: procurement NO 5678 2020
Attachment: ZTECHORDER2020.IMG (contains "order2020.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/6019/

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-06-02 10:42:37 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

23 of 48 (47.92%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=sgectcsukrcdncrg2ti7zsn6dze62vlgbciuldlvypovukmbze5q._file

Verdict:

malicious

Label(s):

avemaria

Result

Malware family:

modiloader

Score:

10/10

Tags:

family:modiloader

Link:

https://tria.ge/reports/201109-py7p95a3p6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Legitimate hosting services abused for malware hosting/C2

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 2332400f12db8642e6eab77dc0f9ff46bfe10c3963da975a765e68314c96f472

GuLoader

exe 9188298a545444368a26d4d1fcc9be1e49ed55660891458d75c3dd5a2981c93b

(this sample)

Dropped by

MD5 55f21d0f8d9b2f923979bd3592b003be

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 2332400f12db8642e6eab77dc0f9ff46bfe10c3963da975a765e68314c96f472

Cape

https://www.capesandbox.com/analysis/6019/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample