MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a102ce665ad68d76c1fae745d9eb530e801efa07e16672e07792f202958da80f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	a102ce665ad68d76c1fae745d9eb530e801efa07e16672e07792f202958da80f
SHA3-384 hash:	9041883b8b622ec000b24cc781da99c33a3f7dd92babc7b1a649ba4bb9c9052f8003c82e2f55868365fb3485b5402b40
SHA1 hash:	2ee96ccec4d361aebe8540492f233491b386caa7
MD5 hash:	107c8698d28a9a8e439170cabc570265
humanhash:	london-winner-lamp-oxygen
File name:	PURCHASE ORDER.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	86'016 bytes
First seen:	2020-05-12 11:53:42 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	4252e8a823ff8ba2b82ed883335f94a8 (1 x GuLoader)
ssdeep	768:w0A0xbtQ9vzHX0JHrBCAShmauffE1rn2Ukd4aSrG:8597wCASg/fc1rn2Umga
Threatray	296 similar samples on MalwareBazaar
TLSH	D9835CA2B284D662D5158EFE5B70E7B9065E7C300E868917B1C5B70F2B37660E53232F
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: plesk.cizgiteknoloji.com
Sending IP: 37.247.109.254
From: Taimi Sjöström <webster@citofoniarintec.cl>
Subject: Purchase Order
Attachment: PURCHASE ORDER.PDF.xz (contains "PURCHASE ORDER.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/3733/

Detection(s):

SecuriteInfo.com.Mal.FareitVB-AB.14828.22431.UNOFFICIAL

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

rans.troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/355509

Behaviour

Behavior Graph:

n/a

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-05-12 12:42:03 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

22 of 31 (70.97%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=uebm4zs222gxnqp245c5t22tb2ab56qh4fthfydxslzaffmnvahq._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-pdstsfgwax/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

483e1dbbe325fb4cafced113592d165d

GuLoader

exe a102ce665ad68d76c1fae745d9eb530e801efa07e16672e07792f202958da80f

(this sample)

Dropped by

MD5 483e1dbbe325fb4cafced113592d165d

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/3733/

Cape

https://www.capesandbox.com/analysis/3731/

Cape

https://www.capesandbox.com/analysis/3725/

Cape

https://www.capesandbox.com/analysis/3724/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample