MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 926ec7dc836ef4afe00029fa18c2dcf7ed49b41b24d884dfe6173c63a0329b50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 926ec7dc836ef4afe00029fa18c2dcf7ed49b41b24d884dfe6173c63a0329b50
SHA3-384 hash: ce9e62aadfdb8899b97c2630978ab058237fc53cf9e3c1049f3fae0a9825ddb8d0d5ee220f09a0e03aa8a5cd51805dc3
SHA1 hash: 92cf92da98d3371d682f294e6f9eb4bf02d17a7f
MD5 hash: 823fb471a14d74fe047f9b5ca5e3ed57
humanhash: fruit-seven-paris-winter
File name:INQUIRY.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-25 13:21:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 44145feef84968534235ffb1f6938de8 (1 x GuLoader)
ssdeep 768:5SdAxPqjEV+T9Sr2nR+8GYxiKH74uEXU9Xvcld6CjCUS2VE0sGq:5SCxPdV+RCU08GidbWkdULVjCt2WBGq
Threatray 457 similar samples on MalwareBazaar
TLSH 03B3F7827AE8BCA1EC168FB649D19DA60D27FD252C215F07B05FB68E1E371881FF0215
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: rdns0.royalsteelballusas.com
Sending IP: 79.124.8.210
From: Gregg Ferstman <sales@royalsteelballusas.com>
Subject: REQUEST FOR QUOTE
Attachment: INQUIRY.rar (contains "INQUIRY.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=17xH1VnN_Jd85lX_W6DEAsis39ggxwL5_

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5550/
Detection(s):
SecuriteInfo.com.Trojan.Heur.VP2.gm0@aueiovab.20062.12991.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 13:59:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
05d8cf394190f3a707abfb25fb44d7da9d5f533d7d2063b23c00cc11253c8be7
GuLoader
0dece9fdaaf9fca84d4ea64f94e789ee03a7a7e663d138327c662c4fc23aa2bb
GuLoader
2ba0f2e22ed07ca3188c898a0c9256fd30e878916ebe669ed52b25cb18d5ccde
GuLoader
34e142c3ca75844c48639cfc8f60513d23c02a65addef3bce69f5b49b34277a1
GuLoader
5b5eab7a12fdfc6cc39e39193b7a9020ee46e72acac70033236ef9b6b2da32c7
GuLoader
5ef8714caf9c7296847b67b27edb93c3aec23d7e77b57d23d0e8607d707a2c49
GuLoader
6c90f16a6932be921cbb44b9e4531cf36e5ded6d5dd0016c4309a56ab8a96461
GuLoader
8499aa17997bfbe03592e33e82df1c674f1b57ba3d372355e690b9468ea6fea2
GuLoader
ab6c220ed37a3771afb540e7b1179aea65119d6e3da91d55af7f659f61541f42
GuLoader
ce2644d2d9973ab0a3004942cef2d74d210882bea29d8b698c7af02d308b289e
GuLoader
+ 447 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hte2c8fvcn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 1e7343b260d364d28d04a497c8903183ed87133612a7937a62638b513e29aea2

GuLoader

Executable exe 926ec7dc836ef4afe00029fa18c2dcf7ed49b41b24d884dfe6173c63a0329b50

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366514/
  
Dropped by
MD5 b56c81a8190a4d80ce861239f77a9115
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1e7343b260d364d28d04a497c8903183ed87133612a7937a62638b513e29aea2
Cape
Cape
https://www.capesandbox.com/analysis/5550/

Comments